General
-
Target
51075fb641b90e7d2eba2dd0e783bbed_JaffaCakes118
-
Size
172KB
-
Sample
240729-tgem5awdmk
-
MD5
51075fb641b90e7d2eba2dd0e783bbed
-
SHA1
c0843fb08b4e2bc1a6a0114639547bf68f063f9a
-
SHA256
965b58a59f23147eb3591358b225a45ecbeef270030d9d30c42b97b07805e294
-
SHA512
9f1f32a89be0d70a098569f7a529802dc077373b95e55c5ff83428ac33ecb632394b2582f973c095b22326f0ed3cbef398ae15758e1af0f76917b69999fa0257
-
SSDEEP
3072:S9Y7JFdykDUtpPZTnzTtAhElTe/YUpmYBb+kF:0Y1Fdyk2P1lAhGMT
Malware Config
Extracted
pony
http://209.59.219.1/forum/viewtopic.php
http://212.58.20.11/forum/viewtopic.php
-
payload_url
http://www.yg-interfans.com/2TTjyHZF/2Ea.exe
http://karyk.pl/3cG3TCHD/o1rm.exe
http://q2store.com/nZJ3YF9C/qv7.exe
Targets
-
-
Target
51075fb641b90e7d2eba2dd0e783bbed_JaffaCakes118
-
Size
172KB
-
MD5
51075fb641b90e7d2eba2dd0e783bbed
-
SHA1
c0843fb08b4e2bc1a6a0114639547bf68f063f9a
-
SHA256
965b58a59f23147eb3591358b225a45ecbeef270030d9d30c42b97b07805e294
-
SHA512
9f1f32a89be0d70a098569f7a529802dc077373b95e55c5ff83428ac33ecb632394b2582f973c095b22326f0ed3cbef398ae15758e1af0f76917b69999fa0257
-
SSDEEP
3072:S9Y7JFdykDUtpPZTnzTtAhElTe/YUpmYBb+kF:0Y1Fdyk2P1lAhGMT
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-