General
-
Target
1c31b245808282937f92832d10a6181f_JaffaCakes118
-
Size
156KB
-
Sample
240728-w2ak1s1eld
-
MD5
1c31b245808282937f92832d10a6181f
-
SHA1
656bd435590eb5c98871a61d94092c2050a5dacb
-
SHA256
1e1c82ed6fcdb20e2eb90a95a692eebd25cc73eb61f23a6e7adf0134261e9e8f
-
SHA512
bbc1a7d5d9c3b4ea048a909659561f2a52321767167ab62a1bfc9b9e6b86e1a470f51ed2ca1b5912dfe2a6102783bf554a1a6ff89d4329db4275095cba7eddb9
-
SSDEEP
1536:2+IniYj5jV6FrlxPn3biqh9y2bXND3YBwHGhRpCQwTvqIqqq8U2bqUy:ED6FrvzbPLND3tGRCHvqI9FU2b
Malware Config
Extracted
pony
http://209.59.219.1/forum/viewtopic.php
http://212.58.20.11/forum/viewtopic.php
-
payload_url
http://bauhh.hu/iiTn.exe
http://villageofvinton.com/MUGtaT.exe
http://www.fox-pr.com/xVh.exe
Targets
-
-
Target
1c31b245808282937f92832d10a6181f_JaffaCakes118
-
Size
156KB
-
MD5
1c31b245808282937f92832d10a6181f
-
SHA1
656bd435590eb5c98871a61d94092c2050a5dacb
-
SHA256
1e1c82ed6fcdb20e2eb90a95a692eebd25cc73eb61f23a6e7adf0134261e9e8f
-
SHA512
bbc1a7d5d9c3b4ea048a909659561f2a52321767167ab62a1bfc9b9e6b86e1a470f51ed2ca1b5912dfe2a6102783bf554a1a6ff89d4329db4275095cba7eddb9
-
SSDEEP
1536:2+IniYj5jV6FrlxPn3biqh9y2bXND3YBwHGhRpCQwTvqIqqq8U2bqUy:ED6FrvzbPLND3tGRCHvqI9FU2b
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-