Overview

overview

10

Static

static

3

JaffaCakes...a0.exe

windows7-x64

10

JaffaCakes...a0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_1d5dc399055f771290dc9b7c630042a0

  • Size

    160KB

  • Sample

    250124-dlhmkswpgy

  • MD5

    1d5dc399055f771290dc9b7c630042a0

  • SHA1

    65fb980fe50d477cdefac14704800cfaf08aa789

  • SHA256

    38b68a9e074c519ea38199a824efe32745c3c27bc2cedfe4bd7b5dd654838526

  • SHA512

    1c5d571c5ce68e1ce587b1475cb6adb0dd2c2f68a4b9051d96424670f704af9f8cdcdafa43f03e6458e2e711462e203ef66a7004f84b99ceb41cd8d3e5dd7db0

  • SSDEEP

    3072:iVouj2qgu7klbJBJ5ByuC/xUBf1OXZa6rOX5kMPOxylt:iVRj2hLlTJDr6pTr

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://weshift.net:8080/forum/viewtopic.php

http://207.58.180.139:8080/forum/viewtopic.php

http://aoc.fm:8080/forum/viewtopic.php

http://changepioneers.at:8080/forum/viewtopic.php
Attributes
  • payload_url

    http://searchplus.ca/uwPWQ.exe

    http://www.torinoacquari.com/tLy6ewd.exe

    http://test.activeim.com.au/WBv.exe

Targets

    • Target

      JaffaCakes118_1d5dc399055f771290dc9b7c630042a0

    • Size

      160KB

    • MD5

      1d5dc399055f771290dc9b7c630042a0

    • SHA1

      65fb980fe50d477cdefac14704800cfaf08aa789

    • SHA256

      38b68a9e074c519ea38199a824efe32745c3c27bc2cedfe4bd7b5dd654838526

    • SHA512

      1c5d571c5ce68e1ce587b1475cb6adb0dd2c2f68a4b9051d96424670f704af9f8cdcdafa43f03e6458e2e711462e203ef66a7004f84b99ceb41cd8d3e5dd7db0

    • SSDEEP

      3072:iVouj2qgu7klbJBJ5ByuC/xUBf1OXZa6rOX5kMPOxylt:iVRj2hLlTJDr6pTr

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks