Overview

overview

10

Static

static

3

JaffaCakes...ba.exe

windows7-x64

10

JaffaCakes...ba.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_546f85676ac780e9ac9c447cca2887ba

  • Size

    114KB

  • Sample

    250129-jpja6sxqdq

  • MD5

    546f85676ac780e9ac9c447cca2887ba

  • SHA1

    bc8c14354dc43f28879aad07be4808546078993f

  • SHA256

    7f639ab0280abace14cb94482f1435e09c194daa923dd99f63d0cc277d357abe

  • SHA512

    034866aa3263581f42d4d012b684f211df0ee41a63eb7df82126f26f2c46c0904071b5de8feb5dfe616a1f81b6e490c80d303cf99d3c3a5cffaa3b86ca2be650

  • SSDEEP

    3072:/XAtWYKBlVXFGs287FF/oijKH+6moNOYvvmVYz9:fAoYKXVX52sFFgUIO

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://etsiunjour.fr:81/pony/gate.php

http://69.194.194.238/pony/gate.php
Attributes
  • payload_url

    http://ftp.ex-fin.sk/0rk5TF.exe

    http://archstone.ro/yuzFyjAw.exe

Targets

    • Target

      JaffaCakes118_546f85676ac780e9ac9c447cca2887ba

    • Size

      114KB

    • MD5

      546f85676ac780e9ac9c447cca2887ba

    • SHA1

      bc8c14354dc43f28879aad07be4808546078993f

    • SHA256

      7f639ab0280abace14cb94482f1435e09c194daa923dd99f63d0cc277d357abe

    • SHA512

      034866aa3263581f42d4d012b684f211df0ee41a63eb7df82126f26f2c46c0904071b5de8feb5dfe616a1f81b6e490c80d303cf99d3c3a5cffaa3b86ca2be650

    • SSDEEP

      3072:/XAtWYKBlVXFGs287FF/oijKH+6moNOYvvmVYz9:fAoYKXVX52sFFgUIO

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks