General

  • Target

    1894098e4be39024ecaeba8821cfbb8e_JaffaCakes118

  • Size

    74KB

  • Sample

    240628-dqgk3s1ckr

  • MD5

    1894098e4be39024ecaeba8821cfbb8e

  • SHA1

    99f51ccc251d67aa4ea141089f1cf4dba9200966

  • SHA256

    64072cc5ab399ded7d759e268ba2423c904bde4279c92c627c9df19c01d08ba7

  • SHA512

    bddb09410e9f658a458a52362aa1a33aa9df3da97a0809a93b9f5c7c009da1fe30f7be5a6678e1527f54f31e846f1ed182cd6459b019f98a8c09f7bb8ff1614a

  • SSDEEP

    1536:LP7LMfBAAOdskIYBcGTC/vicG4/51BXoufr7NPPzP:L74B+dfCYovi34/5nXHzP

Targets

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
