General

  • Target

    179667b99247941add6bc3940bb8ea45_JaffaCakes118

  • Size

    98KB

  • Sample

    240627-1agbps1hnd

  • MD5

    179667b99247941add6bc3940bb8ea45

  • SHA1

    fa34081e80e5783893a1c23518da286aefadeed9

  • SHA256

    2328bf3fceee540921f6f246e87553c2fc7faf0fd18ef07fe06c2ba7bd9dbc16

  • SHA512

    9c87826b923830d52090458ffdc73670e59e7195c189933e60d81b24fbc91e246569a13a4240c52323ff6149bacfbfe1514cd465bc8b5e6b0f7cd60922610b64

  • SSDEEP

    1536:hCsEIU4OyUVjbhbznprieKRtyDs5gbhyresGG8o+R24:BEOOnVftznd0ub+esGvNRX

Malware Config

Targets

    • Target

      179667b99247941add6bc3940bb8ea45_JaffaCakes118

    • Size

      98KB

    • MD5

      179667b99247941add6bc3940bb8ea45

    • SHA1

      fa34081e80e5783893a1c23518da286aefadeed9

    • SHA256

      2328bf3fceee540921f6f246e87553c2fc7faf0fd18ef07fe06c2ba7bd9dbc16

    • SHA512

      9c87826b923830d52090458ffdc73670e59e7195c189933e60d81b24fbc91e246569a13a4240c52323ff6149bacfbfe1514cd465bc8b5e6b0f7cd60922610b64

    • SSDEEP

      1536:hCsEIU4OyUVjbhbznprieKRtyDs5gbhyresGG8o+R24:BEOOnVftznd0ub+esGvNRX

    • Pony, Fareit

      Pony (also known as Fareit) is a remote access trojan that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks