General

  • Target

    JaffaCakes118_6dc8b6302f51f963dbdffbfa8411f6cf

  • Size

    111KB

  • Sample

    250131-zeczeawpbs

  • MD5

    6dc8b6302f51f963dbdffbfa8411f6cf

  • SHA1

    040a1c90025cc1314687a6497d581e86313d6d2e

  • SHA256

    03a0e7c6f7d876646c7c8cf0e215d2e994050bbcea449aeed2df587d92517e2c

  • SHA512

    74eb6f852b0f344c2bebddc64cc7ade898c1e7fb840522d8508787f59e39a2cdfdac258f01dc965fcd47b2c6281f28fee514a3168980463970f7936a8560edb3

  • SSDEEP

    3072:TQUr+X0Gx6gN3c7ZcFOWHXZvHlE/Rrdf:7SX0GrN3c7as4XZvSpB

Malware Config

Extracted

Family

pony

C2

http://13.carnovirious.net/forum/viewtopic.php

http://13.JONEMNOMINIK.NET/forum/viewtopic.php

http://13.LOMERDASTER.NET/forum/viewtopic.php

http://13.ZABAKARVESTER.NET/forum/viewtopic.php

Attributes
  • payload_url

    http://www.itopservices.it/Ntx.exe

    http://faulpelz.ch/nnARS1b.exe

    http://wabsolutely.com/Egyo6cV.exe

    http://canadianposcorp.com/Zje.exe

    http://schenkelbot.com/hwk40m.exe

    http://ftp.institutodedesarrollo.es/kvWcmHRw.exe

Targets

    • Pony family

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
