General
Target: 8f017aded4e92b1f711409a08cc80ece_JaffaCakes118
Size: 168KB
Sample: 240812-rcd5patgpn
MD5: 8f017aded4e92b1f711409a08cc80ece
SHA1: 9c352f1ae338b55baa38b8b4c60ccea85e2a4769
SHA256: 5a8f432e9e9c9784da725252d3463067eb6e476b59bf84632a7f8e5c4ce6fdc2
SHA512: f04c11b148221471da17d2594bc86e6808801f85afebef3eeac9e47ad91e70f640266019f0c806a7946f1160e33f9ec52666ac5b91c7c4f28c223bbd78edcbcf
SSDEEP: 3072:Cp5qYwFHNdz1C2YHv7aFNW8QNzlxK6NAUTaV0dC2wqQQ:COYiHNzC2YHuFNWvplxK6mU2UOQ
Static task: static1
Behavioral task: behavioral1
  Sample: 8f017aded4e92b1f711409a08cc80ece_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 8f017aded4e92b1f711409a08cc80ece_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted
Family: pony
C2 (gate URLs):
  http://momus.com.tw:8080/pony/gate.php
  http://66.175.220.58/pony/gate.php
payload_url (second-stage downloads):
  http://emirkanotorent.com/aEP4H9.exe
  http://propasmanagement.com/qTNc.exe
  http://www.graficasalli.com.br/AqnAaH.exe
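The gate and payload URLs above are the most directly actionable indicators in this report. The following is an added example, not part of the Triage output, that normalises each URL to a host/port/path tuple and runs the result over web-proxy log lines. The log layout ("epoch client_ip method url status") and every client IP in it are constructed for the example; only the URLs come from the report.

```python
import re
from collections import namedtuple
from urllib.parse import urlsplit

# Indicators copied from the report's Malware Config section.
C2_GATES = [
    "http://momus.com.tw:8080/pony/gate.php",
    "http://66.175.220.58/pony/gate.php",
]
PAYLOAD_URLS = [
    "http://emirkanotorent.com/aEP4H9.exe",
    "http://propasmanagement.com/qTNc.exe",
    "http://www.graficasalli.com.br/AqnAaH.exe",
]

Ioc = namedtuple("Ioc", "kind host port path")


def _split(url):
    """Normalise a URL to (host, port, path): lower-cased host, default port, query dropped."""
    u = urlsplit(url)
    port = u.port or (443 if u.scheme == "https" else 80)
    return (u.hostname or "").lower(), port, u.path or "/"


def build_iocs():
    iocs = [Ioc("c2_gate", *_split(u)) for u in C2_GATES]
    iocs += [Ioc("payload", *_split(u)) for u in PAYLOAD_URLS]
    return iocs


IOCS = build_iocs()

# Constructed proxy log (assumed "<epoch> <client_ip> <method> <url> <status>" layout);
# none of these lines come from the sandbox run.
SAMPLE_LOG = """\
1723460001.123 10.0.0.15 GET http://www.example.com/index.html 200
1723460002.456 10.0.0.15 POST http://momus.com.tw:8080/pony/gate.php 200
1723460003.789 10.0.0.22 GET http://emirkanotorent.com/aEP4H9.exe 200
1723460004.012 10.0.0.15 GET http://MOMUS.COM.TW:8080/pony/gate.php?id=1 404
1723460005.345 10.0.0.31 GET http://momus.com.tw/pony/gate.php 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def match_line(line):
    """Return a hit dict if the line's URL touches a known IOC, else None.

    'exact' means host, port and path all match; 'host_path' means the same host
    and path on a different port, which is still worth triage because the gate
    script may be reachable on more than one port.
    """
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    host, port, path = _split(m["url"])
    best = None
    for ioc in IOCS:
        if ioc.host != host or ioc.path != path:
            continue
        confidence = "exact" if ioc.port == port else "host_path"
        hit = {
            "ts": m["ts"], "src": m["src"], "method": m["method"],
            "status": int(m["status"]), "kind": ioc.kind,
            "indicator": f"{ioc.host}:{ioc.port}{ioc.path}", "confidence": confidence,
        }
        if confidence == "exact":
            return hit
        best = best or hit
    return best


def scan_log(text):
    """Run match_line over every line of a log and keep the hits in order."""
    return [h for h in (match_line(l) for l in text.splitlines()) if h]


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['src']} {hit['method']:4} {hit['kind']:8} "
              f"{hit['confidence']:9} {hit['indicator']}")
```

Matching is on the normalised host and path rather than the raw string, so a mixed-case host or an appended query string (both present in the constructed log) still hits, and a 404 from the gate is reported too: the client tried to check in, which is what matters for triage.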
Targets
Target: 8f017aded4e92b1f711409a08cc80ece_JaffaCakes118 (168KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Signatures
- Credentials from Password Stores: Credentials from Web Browsers (ATT&CK T1555.003)
  Malicious access to, or copy of, a web browser credential store.
- Unsecured Credentials: Credentials In Files (ATT&CK T1552.001)
  Steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
  Reads Outlook account and profile settings, consistent with Pony's harvesting of mail-client credentials.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
  SetThreadContext redirects execution of a thread in a suspended process; outside debuggers it is typically seen in process hollowing and similar injection.