Overview

overview

10

Static

static

3

JaffaCakes...89.exe

windows7-x64

10

JaffaCakes...89.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_8be588748c8a2d4f4b0583e9fa587189

  • Size

    116KB

  • Sample

    250329-vm3gta1mx7

  • MD5

    8be588748c8a2d4f4b0583e9fa587189

  • SHA1

    6a5daccba5afd482e0cbce2cbfecb3aa8cc724bc

  • SHA256

    78a0823c1a6d51f861e27a5a746ed7aecc410db09c7c3d34050750fb77d49a3f

  • SHA512

    4a979326226c2c237c88eadabd5525c8cca89e05911c302b8de9dca4415ba1571132f3ee2047c2a7f173c0eea2f481ba07afc819b408d47df46adeb91e90708e

  • SSDEEP

    3072:d+DnIwGxxZgW95RlCHjv9KVLvBrU/H8/QnlT:uIPZgW769gbBs8IlT

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://abesonthego.com/ponys/gate.php

http://abesplace.com/ponys/gate.php

http://abesrestaurant.com/ponys/gate.php

http://abestogo.com/ponys/gate.php
Attributes
  • payload_url

    http://www.forexmarketobserver.com/89DJ.exe

    http://copyrman.site.aplus.net/TxJC.exe

    http://205.234.139.127/WGVueF.exe

    http://www.stirlinginvestmentgroup.com/xUG3.exe

Targets

    • Target

      JaffaCakes118_8be588748c8a2d4f4b0583e9fa587189

    • Size

      116KB

    • MD5

      8be588748c8a2d4f4b0583e9fa587189

    • SHA1

      6a5daccba5afd482e0cbce2cbfecb3aa8cc724bc

    • SHA256

      78a0823c1a6d51f861e27a5a746ed7aecc410db09c7c3d34050750fb77d49a3f

    • SHA512

      4a979326226c2c237c88eadabd5525c8cca89e05911c302b8de9dca4415ba1571132f3ee2047c2a7f173c0eea2f481ba07afc819b408d47df46adeb91e90708e

    • SSDEEP

      3072:d+DnIwGxxZgW95RlCHjv9KVLvBrU/H8/QnlT:uIPZgW769gbBs8IlT

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks