General
-
Target
fbc0feb98eb3107f55bee3ad1b60f6c0_JaffaCakes118
-
Size
171KB
-
Sample
240420-c71jvaec93
-
MD5
fbc0feb98eb3107f55bee3ad1b60f6c0
-
SHA1
b2c25565e02c6265d2884bd8ea1d8d20077ac779
-
SHA256
a709e2193c45ec58bb155459651031e1b680bf40fc1f0b0ac8cbd9b6e50969ae
-
SHA512
de34a70105b17a33484fe3ef9f89968d37f1b3a87d31e5e9473ed26d50d3bf8dd0e24fe89e51b8ebc1776f797e1255b196e7587a3f8edbcc8f672bc70901cff8
-
SSDEEP
3072:BbGM7n37/e4wNzj8lFqaf7EF3yyW3NxrlO+KPveksLU:4I3TeB387lTEiyMtO+Kt
Malware Config
Extracted
pony
http://108.166.65.182:8080/pony/gate.php
http://199.192.203.139/pony/gate.php
-
payload_url
http://ghivece-gradina.ro/a1A.exe
http://parapunov.com/F4nzCV.exe
Targets
-
-
Target
fbc0feb98eb3107f55bee3ad1b60f6c0_JaffaCakes118
-
Size
171KB
-
MD5
fbc0feb98eb3107f55bee3ad1b60f6c0
-
SHA1
b2c25565e02c6265d2884bd8ea1d8d20077ac779
-
SHA256
a709e2193c45ec58bb155459651031e1b680bf40fc1f0b0ac8cbd9b6e50969ae
-
SHA512
de34a70105b17a33484fe3ef9f89968d37f1b3a87d31e5e9473ed26d50d3bf8dd0e24fe89e51b8ebc1776f797e1255b196e7587a3f8edbcc8f672bc70901cff8
-
SSDEEP
3072:BbGM7n37/e4wNzj8lFqaf7EF3yyW3NxrlO+KPveksLU:4I3TeB387lTEiyMtO+Kt
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-