Overview

overview

10

Static

static

3

JaffaCakes...e6.exe

windows7-x64

10

JaffaCakes...e6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_024fe5acb054de5dd786554b715559e6

  • Size

    147KB

  • Sample

    250121-f4s75sylby

  • MD5

    024fe5acb054de5dd786554b715559e6

  • SHA1

    675636962aef710e938491d0cce5b59db386f365

  • SHA256

    08e5da4aaf13870982a5ac1c0f5552c0c066b1f9206c9002f3b57bb60ceb189a

  • SHA512

    6518f2208aa773aba901489b5add49711175952b3f4359032efdf580f1c7e498f1c3f3061d0d7e922605d9e090e8d3beffcaa578e093ad8caeea86dc61ba3c7f

  • SSDEEP

    3072:z5Rfr1ZZpFhVpnWYGGCE+q5q9ovASq6mowKZUDibXDl:z5tr5BVFW2Ca5q0qUTD

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://217.20.117.145:8080/pony/gate.php

http://217.20.118.117:8080/pony/gate.php
Attributes
  • payload_url

    http://viveroparadiso.com.ar/NSyf.exe

    http://uppalneurohospital.com/x7nx.exe

    http://greatroastcoffee.com/w1HjW1.exe

Targets

    • Target

      JaffaCakes118_024fe5acb054de5dd786554b715559e6

    • Size

      147KB

    • MD5

      024fe5acb054de5dd786554b715559e6

    • SHA1

      675636962aef710e938491d0cce5b59db386f365

    • SHA256

      08e5da4aaf13870982a5ac1c0f5552c0c066b1f9206c9002f3b57bb60ceb189a

    • SHA512

      6518f2208aa773aba901489b5add49711175952b3f4359032efdf580f1c7e498f1c3f3061d0d7e922605d9e090e8d3beffcaa578e093ad8caeea86dc61ba3c7f

    • SSDEEP

      3072:z5Rfr1ZZpFhVpnWYGGCE+q5q9ovASq6mowKZUDibXDl:z5tr5BVFW2Ca5q0qUTD

    Score
    10/10
    ponydiscoveryratspywarestealercollectioncredential_access

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks