General
-
Target
35d5add5c007ad0ffb32dc20b1019341_JaffaCakes118
-
Size
114KB
-
Sample
240710-wvm8javdma
-
MD5
35d5add5c007ad0ffb32dc20b1019341
-
SHA1
4c8973fe0beac4e6dbf70aa7d2d25c44e0d5b351
-
SHA256
0d271653281d2f11126ee5a3b9c5708986fb55501ba743874aea43c718fa5a36
-
SHA512
f662a82acab00fbfe70cb3413b6c0f5674bbd7933dd5a8e2c771b8e768379927745e9e4104a00b4b7eddf22fa532a71ed82bf604369a627dce8baa790d1263fe
-
SSDEEP
3072:/XAtWYKBlV8FGs287FF/oijKH+6moNOYvvmVYz9:fAoYKXV852sFFgUIO
Malware Config
Extracted
pony
http://etsiunjour.fr:81/pony/gate.php
http://69.194.194.238/pony/gate.php
-
payload_url
http://ftp.ex-fin.sk/0rk5TF.exe
http://archstone.ro/yuzFyjAw.exe
Targets
-
-
Target
35d5add5c007ad0ffb32dc20b1019341_JaffaCakes118
-
Size
114KB
-
MD5
35d5add5c007ad0ffb32dc20b1019341
-
SHA1
4c8973fe0beac4e6dbf70aa7d2d25c44e0d5b351
-
SHA256
0d271653281d2f11126ee5a3b9c5708986fb55501ba743874aea43c718fa5a36
-
SHA512
f662a82acab00fbfe70cb3413b6c0f5674bbd7933dd5a8e2c771b8e768379927745e9e4104a00b4b7eddf22fa532a71ed82bf604369a627dce8baa790d1263fe
-
SSDEEP
3072:/XAtWYKBlV8FGs287FF/oijKH+6moNOYvvmVYz9:fAoYKXV852sFFgUIO
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-