General
-
Target
4503a4b79bb533c597d25c672e97c93e_JaffaCakes118
-
Size
89KB
-
Sample
240729-n355baxdml
-
MD5
4503a4b79bb533c597d25c672e97c93e
-
SHA1
37297531b9b1455ff4e5bf5ad6af45983dbf8e56
-
SHA256
6f31f94d270870e5a708cbd208f2de97b2b4f5e6e18e83088e4e8aa9dbda1f26
-
SHA512
4000df5bf60019d98a1d559fcdb4646339ddde81b1f2ffab9829e0662e0abb0c270500cea5ed4d182e2d587ba122999105b1e8a6d621ab314aa45a36f5e41505
-
SSDEEP
1536:Vlk3eH2uqTkAX1aesAGZ4jlBobuyJRdfSeODA/TvsE4XkzZz:3ErzaesAGijlwTlODxE4Yz
Malware Config
Extracted
pony
http://forum-voip.com:8080/ponyb/gate.php
http://forum-voip.net:8080/ponyb/gate.php
http://paralysiesfaciale.com:8080/ponyb/gate.php
http://paralysiesfaciales.com:8080/ponyb/gate.php
-
payload_url
http://at-brodbeck.de/qE6.exe
http://cancunie.com/PGLtvY.exe
http://gulf-coast-rentals.net/WMEvFA.exe
Targets
-
-
Target
4503a4b79bb533c597d25c672e97c93e_JaffaCakes118
-
Size
89KB
-
MD5
4503a4b79bb533c597d25c672e97c93e
-
SHA1
37297531b9b1455ff4e5bf5ad6af45983dbf8e56
-
SHA256
6f31f94d270870e5a708cbd208f2de97b2b4f5e6e18e83088e4e8aa9dbda1f26
-
SHA512
4000df5bf60019d98a1d559fcdb4646339ddde81b1f2ffab9829e0662e0abb0c270500cea5ed4d182e2d587ba122999105b1e8a6d621ab314aa45a36f5e41505
-
SSDEEP
1536:Vlk3eH2uqTkAX1aesAGZ4jlBobuyJRdfSeODA/TvsE4XkzZz:3ErzaesAGijlwTlODxE4Yz
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-