General
-
Target
6eb7f3284274535f8c7e53c577a7a27f_JaffaCakes118
-
Size
108KB
-
Sample
240725-jqnbhswhnn
-
MD5
6eb7f3284274535f8c7e53c577a7a27f
-
SHA1
943a44dbd4f7ed1919329b6c2c724ad3fa320b9f
-
SHA256
5f9b823eaaab429597b1c90fe1e269536c650ff327060af803da74003051f5b4
-
SHA512
70d199d3bcbaa9a0773b9b6c0758fc2517a57c14f4278bc73f6bd4f9cf8fd97897293888b354e969af1d55acfac90fc888056784d42dec315d8a1c246d6645f4
-
SSDEEP
3072:tUz7yfo7x09S5w6zbc9DDeMUcNFWCL9oRz:tg7EIw19JgR
Malware Config
Extracted
pony
http://187.9.27.164:8080/forum/viewtopic.php
http://74.91.121.211/forum/viewtopic.php
-
payload_url
http://allsights.com/bmvnV5HK.exe
http://www.erdemsifa.com/kT8C.exe
http://joia.be/3Zsk5.exe
Targets
-
-
Target
6eb7f3284274535f8c7e53c577a7a27f_JaffaCakes118
-
Size
108KB
-
MD5
6eb7f3284274535f8c7e53c577a7a27f
-
SHA1
943a44dbd4f7ed1919329b6c2c724ad3fa320b9f
-
SHA256
5f9b823eaaab429597b1c90fe1e269536c650ff327060af803da74003051f5b4
-
SHA512
70d199d3bcbaa9a0773b9b6c0758fc2517a57c14f4278bc73f6bd4f9cf8fd97897293888b354e969af1d55acfac90fc888056784d42dec315d8a1c246d6645f4
-
SSDEEP
3072:tUz7yfo7x09S5w6zbc9DDeMUcNFWCL9oRz:tg7EIw19JgR
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-