General

  • Target

    JaffaCakes118_5506bdcc5884f6340da4e681358c6f93

  • Size

    172KB

  • Sample

    250129-kygpdatlb1

  • MD5

    5506bdcc5884f6340da4e681358c6f93

  • SHA1

    0b69db69dbc1f6f4c3399027b3dcd82ae6c29bec

  • SHA256

    26fac6f0ee246bc5e7733afd98428bcb3f65d001a361bfdda76fd5aacda1c5f6

  • SHA512

    05315571b312a1dde5391a217a890873015e24ff810ea503b77f4d77cf5b470768eb36e685e9dd4a79102cf2c4eb3c7110de53e0ce0e2394a552439cadfc6f99

  • SSDEEP

    3072:xpXwci537/1nsq39e2micZ3ueW3wrYm+7cEDKMeH:I5BT1sqtxpg+eML7lKh

Malware Config

Extracted

Family

pony

C2

http://108.166.65.182:8080/ponychin/gate.php

http://50.116.8.205/ponychin/gate.php

Attributes

  • payload_url

    http://hakunamatatadg.it/bZcG8bvH/0CR4Dg.exe

    http://pornattitude.info/V1UQtWaB/XuZ.exe

    http://aptelectricsltd.co.uk/y3ZxwLWm/LTpS.exe

Targets

    • Pony family

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks