General
-
Target
72b9b4014ad12bc9fcb797f217c073b8_JaffaCakes118
-
Size
144KB
-
Sample
240726-fzkefaycmq
-
MD5
72b9b4014ad12bc9fcb797f217c073b8
-
SHA1
bbd4c5a40a97f4a2617cb613f0d90a597f183aa7
-
SHA256
e39041f09aa8442ba6cfa0a53f03ece042422a8661c10129f806e12a80bda01e
-
SHA512
cdcb6ba261c63fb13760cae4f1ded59d7c8d4c316b94fb214b7c26868c622ed86b2f68469f52fd8ca4232e977c979b9cc9a16b51240fefb09c441c2669d294c3
-
SSDEEP
3072:0jlKZelTDbfra36ZbYNgLV3XJBbKuMHiJgpaJIK0rvox2qUQ:4welHa3UbYuFPbUJaYrE
Malware Config
Extracted
pony
http://74.53.97.66:8080/forum/viewtopic.php
http://74.53.97.67:8080/forum/viewtopic.php
-
payload_url
http://www.selfdefensesuperstore.com/ifWSX.exe
http://sierratroutmagnet.com/QkaK.exe
http://www.joserrago.com/WF2oWtq.exe
Targets
-
-
Target
72b9b4014ad12bc9fcb797f217c073b8_JaffaCakes118
-
Size
144KB
-
MD5
72b9b4014ad12bc9fcb797f217c073b8
-
SHA1
bbd4c5a40a97f4a2617cb613f0d90a597f183aa7
-
SHA256
e39041f09aa8442ba6cfa0a53f03ece042422a8661c10129f806e12a80bda01e
-
SHA512
cdcb6ba261c63fb13760cae4f1ded59d7c8d4c316b94fb214b7c26868c622ed86b2f68469f52fd8ca4232e977c979b9cc9a16b51240fefb09c441c2669d294c3
-
SSDEEP
3072:0jlKZelTDbfra36ZbYNgLV3XJBbKuMHiJgpaJIK0rvox2qUQ:4welHa3UbYuFPbUJaYrE
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-