Overview

overview

10

Static

static

3

JaffaCakes...61.exe

windows7-x64

10

JaffaCakes...61.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_8eead78c59ea031b6f88967129726261

  • Size

    122KB

  • Sample

    250329-wby6pasnz5

  • MD5

    8eead78c59ea031b6f88967129726261

  • SHA1

    448710fba5185ab096f9b4bfbbc15c1c4b6dbbe5

  • SHA256

    17e78aad1c3775df498c475a16b07f268a264c1aae8469ff580ef9c1b1a26bbe

  • SHA512

    0aed37b6dee6c9aa742810e992ae3b2de2738458ee7cddd6d696ae92ab9b5795055557175c64b11dd8912e12c43987856e52cd60c1fcaf30e197f3c087d8dff1

  • SSDEEP

    3072:Ub6LqMHjFDomqS5YlqEj2A4Kp3cXiqflOxOOh:Ub6LqMCPRXp6iqfl

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://carmine.warsheet.com:8080/forum/viewtopic.php

http://deswarlist.warsheet.com:8080/forum/viewtopic.php

http://easymailonline.com:8080/forum/viewtopic.php

http://holmesent.com:8080/forum/viewtopic.php
Attributes
  • payload_url

    http://www.jananddave.talktalk.net/HyRN4.exe

    http://www.alwaysgood23.com/AvsWxC.exe

    http://acrossbeyond.com/w4ZPoNT.exe

Targets

    • Target

      JaffaCakes118_8eead78c59ea031b6f88967129726261

    • Size

      122KB

    • MD5

      8eead78c59ea031b6f88967129726261

    • SHA1

      448710fba5185ab096f9b4bfbbc15c1c4b6dbbe5

    • SHA256

      17e78aad1c3775df498c475a16b07f268a264c1aae8469ff580ef9c1b1a26bbe

    • SHA512

      0aed37b6dee6c9aa742810e992ae3b2de2738458ee7cddd6d696ae92ab9b5795055557175c64b11dd8912e12c43987856e52cd60c1fcaf30e197f3c087d8dff1

    • SSDEEP

      3072:Ub6LqMHjFDomqS5YlqEj2A4Kp3cXiqflOxOOh:Ub6LqMCPRXp6iqfl

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks