General
-
Target
4dc3ac9fc552a34ccaf4e0b995c917d9_JaffaCakes118
-
Size
164KB
-
Sample
240729-sc8vqsxhpb
-
MD5
4dc3ac9fc552a34ccaf4e0b995c917d9
-
SHA1
24f3f40c059c4103ec4849514bcd3f29e2448256
-
SHA256
ca6f70af4f9ca5567149294da531de482c6ec2e7728f092e99f57e18565fe25e
-
SHA512
dd28e275d9a9ffa76c173080f817651ef497adcc506133198f97b866458f0bb013a76ef2a8e279cbe8233a87bd666ca84a51558a2b1db99a06fccccdb3807bbc
-
SSDEEP
3072:QfaTgpRM+TqOsz+a/46dAklFqqBGsXrsfKFOOQ92uD7:WvvUAklgq0sXAfX+q7
Malware Config
Extracted
pony
http://paddleboat.eu/inc/redirect.php
http://piece-of-cake.fr/images/message/redirect.php
http://zurekconstruction.com/wp-content/themes/twentythirteen/redirect.php
http://kneipp-aurich.de/css/1213.dat
http://paddleboat.eu/inc/1213.dat
http://piece-of-cake.fr/images/message/1213.dat
http://www.dourpalette.be/galphot/cdh/1213.dat
http://kbr-may-edu.ru/wp-admin/js/1213.dat
Targets
-
-
Target
0day warez.url
-
Size
117B
-
MD5
8cbd314b2ad010d3d98b491bf43e17e5
-
SHA1
a2c325f51fbca539ba4257aeb28c7a3f5b7c2c55
-
SHA256
74487459b955a2a5c2139979109005bd2fb1a4c5ba00c6b66e8b09788a32c404
-
SHA512
d3544903e08be65288e6ee057bf98df9646d93381136d8c34df74c99d7c28933f1321bc3575d3a70878cbcb0bfc72f0a0fdc6eea8f4972e4a5af61afee3dae1c
Score1/10 -
-
-
Target
CPLApp.cpl
-
Size
71KB
-
MD5
6e6ff1275216a0c31bbb792b53f47083
-
SHA1
5da5d675ab6873993bdfcc871e2cb08701453fc3
-
SHA256
700573ca11f25afd36f7efaf8309d0eed89dd687e966563ef8faab715666506d
-
SHA512
5856a28b0dd3f3fceeaaba852aef0ccbed1bb8595249fdc83d4b76e9d83aa7bb9c7fd557346b5302ee5ffec979aa8561afa71bae126bf46e3dc16425d51e089a
-
SSDEEP
768:uoeZZay22YPfYl+hZYhTjRFcK9601g6vuoMRhil2rQAbTfSOsMY9cmIILX:5eQ/PfEhTjTgpRMSbTqOsz9c6b
Score3/10 -
-
-
Target
patch.exe
-
Size
188KB
-
MD5
e356bd4ab50a8b3cc0cb3d8ff153d4ee
-
SHA1
a06bf2cee3d5af09aff98b2760a7daa286460b0e
-
SHA256
296b29cbbb7749ebaac9fb7a5118e14c950449a3bd602509ccb31fdd05a39417
-
SHA512
cbe67fca0f861a612c31998ea5cfff43c04d61c159c3d7e5c18ffc9cf967b53816e97695656c37f38eb0ec0ac12c7c7fc5b4473e59836fa12cfdf6a2807e1ba3
-
SSDEEP
3072:od/hIEE1RC4hczMR5U7hLlOCt5wEgGbEkqu3HSWaxXpX0wWd2QDyIlBnU:odeEFDh5OMEkpXdY0ld2odU
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-