Overview

overview

10

Static

static

3

JaffaCakes...bb.dll

windows7-x64

8

JaffaCakes...bb.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_949e82d04b852e8aee5eed414e94f0bb

  • Size

    408KB

  • Sample

    250329-x4ylas1xcz

  • MD5

    949e82d04b852e8aee5eed414e94f0bb

  • SHA1

    b2b36085e51599ba638e55672fb443f2f24a463d

  • SHA256

    b25f64090144f614f5f58aa3a73c4c49f1d66f6923b3e13db71929e3f4ed9f59

  • SHA512

    cf8aa446c92377106ad18e0e6be396a1e662c95358618be3adfd42fd14c6543999df80e442958b40060906abeefd62fc8bcf9ab9c9a13944773f2182261ba1ad

  • SSDEEP

    12288:4jt/ZlYzcVdYBkp6WDujLoyKysXAkvvFvL4qGoAYTXauy:agcPek44ufbKysXAkvvFvL4qGoAYTXau

Score
10/10
ponycredential_accessdefense_evasiondiscoveryratspywarestealerupx

Malware Config

Targets

    • Target

      JaffaCakes118_949e82d04b852e8aee5eed414e94f0bb

    • Size

      408KB

    • MD5

      949e82d04b852e8aee5eed414e94f0bb

    • SHA1

      b2b36085e51599ba638e55672fb443f2f24a463d

    • SHA256

      b25f64090144f614f5f58aa3a73c4c49f1d66f6923b3e13db71929e3f4ed9f59

    • SHA512

      cf8aa446c92377106ad18e0e6be396a1e662c95358618be3adfd42fd14c6543999df80e442958b40060906abeefd62fc8bcf9ab9c9a13944773f2182261ba1ad

    • SSDEEP

      12288:4jt/ZlYzcVdYBkp6WDujLoyKysXAkvvFvL4qGoAYTXauy:agcPek44ufbKysXAkvvFvL4qGoAYTXau

    Score
    10/10
    defense_evasiondiscoveryponycredential_accessratspywarestealerupx

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Disables taskbar notifications via registry modification

      defense_evasion

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks