General

  • Target

    JaffaCakes118_ae0101cb8e653256741d22411dc89f74

  • Size

    161KB

  • Sample

    250118-taflvaykdj

  • MD5

    ae0101cb8e653256741d22411dc89f74

  • SHA1

    c392c311dd73941d65b0dbc8025d2e69195f16a1

  • SHA256

    9f435d42422aaaf4b24496820fd02c7f10475c02cc51e95f6df670990cafbe04

  • SHA512

    f61e7ae53f907ec06b35d3d770722bed160245f69cc431b96af0ccdaa67568c3598047c7830b1a0fa5beb0924051a38cd71ba0affbdf858a7a0e5c57dcbb1da6

  • SSDEEP

    3072:8VNG9/bF9s/QUqto8otUPC8cW/y3n9eCh5KG:8VNG9ZyIUqtofYHwn5F

Malware Config

Extracted

Family

pony

C2

http://spv.bagraphix.com/forum/viewtopic.php

http://spv.ktzataheret.com/forum/viewtopic.php

Attributes
  • payload_url

    http://3073.a.hostable.me/Z2U.exe

    http://85.18.21.252/PNV3Hbi.exe

Targets

    • Target

      JaffaCakes118_ae0101cb8e653256741d22411dc89f74

    • Size

      161KB

    • MD5

      ae0101cb8e653256741d22411dc89f74

    • SHA1

      c392c311dd73941d65b0dbc8025d2e69195f16a1

    • SHA256

      9f435d42422aaaf4b24496820fd02c7f10475c02cc51e95f6df670990cafbe04

    • SHA512

      f61e7ae53f907ec06b35d3d770722bed160245f69cc431b96af0ccdaa67568c3598047c7830b1a0fa5beb0924051a38cd71ba0affbdf858a7a0e5c57dcbb1da6

    • SSDEEP

      3072:8VNG9/bF9s/QUqto8otUPC8cW/y3n9eCh5KG:8VNG9ZyIUqtofYHwn5F

    • Pony family

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.