Overview

overview

10

Static

static

3

JaffaCakes...9a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_9eab6c034c5801c234ad0aa33589a39a

  • Size

    150KB

  • Sample

    250407-l1bftayks5

  • MD5

    9eab6c034c5801c234ad0aa33589a39a

  • SHA1

    cadf7723fe9642812cb36954a400dff5d0b7dc26

  • SHA256

    17973cd68dd3547132aa2bcd54f56e6df30a8aaa634321f5fd9d74d2c1d407ae

  • SHA512

    41e0752b7d20c5e85f8a585f2488fb379d0fea4b5f517720d7c9deb42e3ac950669de3d40d7759111385c4dd1e835f2d2addf351b3caf6ae97777a76b53c9226

  • SSDEEP

    3072:0XxTKbyR+nsPW/tagKwh4HA4q1SYBzvykvk3HL6P3W8RH:SxTKbnsPWIIh4gmszzSLzEH

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://blog.ritual.ca:8080/forum/viewtopic.php

http://dontgetcaught.ca:8080/forum/viewtopic.php

http://justcateringfoodservices.com:8080/forum/viewtopic.php

http://lumberlandnorth.com:8080/forum/viewtopic.php
Attributes
  • payload_url

    http://demo.pageperson.com/bogNr.exe

    http://50.63.16.86/Z37tUk.exe

    http://libyaimdad.com/J1VYZR.exe

Targets

    • Target

      JaffaCakes118_9eab6c034c5801c234ad0aa33589a39a

    • Size

      150KB

    • MD5

      9eab6c034c5801c234ad0aa33589a39a

    • SHA1

      cadf7723fe9642812cb36954a400dff5d0b7dc26

    • SHA256

      17973cd68dd3547132aa2bcd54f56e6df30a8aaa634321f5fd9d74d2c1d407ae

    • SHA512

      41e0752b7d20c5e85f8a585f2488fb379d0fea4b5f517720d7c9deb42e3ac950669de3d40d7759111385c4dd1e835f2d2addf351b3caf6ae97777a76b53c9226

    • SSDEEP

      3072:0XxTKbyR+nsPW/tagKwh4HA4q1SYBzvykvk3HL6P3W8RH:SxTKbnsPWIIh4gmszzSLzEH

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks