General
-
Target
649f9406c4da548ece6fdbb4bb0d41db_JaffaCakes118
-
Size
92KB
-
Sample
240729-2grlpayckc
-
MD5
649f9406c4da548ece6fdbb4bb0d41db
-
SHA1
9563861fcecc7b99361e1cd453866aca59cd18b6
-
SHA256
1b48aea1444da777da5c1cd245484630f22e05d16f62ba64d356f9bb7bce6e4c
-
SHA512
ccb9085a5549b2270d1d29e5c527c8e6b61444668d276bc59a8c07d049eb605edd74492a2d4960227cb3dfc98e718ff9ecc8f7300c16bb4fd0a1116376dddc82
-
SSDEEP
1536:A/uKpqhYGaxEJO5iS020P2Gnbl0kIuXGSxYTGJEmQB7bu0EcJnwqy2cc:HMxGS0202klpIuTOX9N9EV
Malware Config
Targets
-
-
Target
649f9406c4da548ece6fdbb4bb0d41db_JaffaCakes118
-
Size
92KB
-
MD5
649f9406c4da548ece6fdbb4bb0d41db
-
SHA1
9563861fcecc7b99361e1cd453866aca59cd18b6
-
SHA256
1b48aea1444da777da5c1cd245484630f22e05d16f62ba64d356f9bb7bce6e4c
-
SHA512
ccb9085a5549b2270d1d29e5c527c8e6b61444668d276bc59a8c07d049eb605edd74492a2d4960227cb3dfc98e718ff9ecc8f7300c16bb4fd0a1116376dddc82
-
SSDEEP
1536:A/uKpqhYGaxEJO5iS020P2Gnbl0kIuXGSxYTGJEmQB7bu0EcJnwqy2cc:HMxGS0202klpIuTOX9N9EV
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-