General

Target: a6111f34277f4f8acae6608182c42f01_JaffaCakes118
Size: 108KB
Sample: 240818-kbss5avcmg
MD5: a6111f34277f4f8acae6608182c42f01
SHA1: 3f03992c4b683025eca9cde2654729a2a61d944e
SHA256: eb4acb7c2b9f417da98ec13ae4f742d10a2e32d21a919e93bea3c01a8ed6ab3a
SHA512: 70864918e363d2a911be7f6f1fdb165ad33a9d58cf69719d75e55d655686741f00fc36e728898f72f257630ac1c11ecaf6bfd97cd4e36d8735d37e0dde162f62
SSDEEP: 3072:tUzU5P2WViCdlpQKI08ZWY+gEq2cqiKL9oRz:tgU5fbQjZSlgR
Static task: static1

Behavioral task: behavioral1
Sample: a6111f34277f4f8acae6608182c42f01_JaffaCakes118.exe
Resource: win7-20240705-en

Behavioral task: behavioral2
Sample: a6111f34277f4f8acae6608182c42f01_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config

Extracted family: pony
C2 gate URLs:
http://187.9.27.164:8080/ponys/gate.php
http://74.91.121.211/ponys/gate.php
payload_url:
http://187.17.47.134/AZBwuj4K.exe
http://www.g5management.co.uk/Bae1ASb.exe
http://papetarie-tipografie.ro/V0geEuj.exe
Targets

Target: a6111f34277f4f8acae6608182c42f01_JaffaCakes118
Size: 108KB
MD5: a6111f34277f4f8acae6608182c42f01
SHA1: 3f03992c4b683025eca9cde2654729a2a61d944e
SHA256: eb4acb7c2b9f417da98ec13ae4f742d10a2e32d21a919e93bea3c01a8ed6ab3a
SHA512: 70864918e363d2a911be7f6f1fdb165ad33a9d58cf69719d75e55d655686741f00fc36e728898f72f257630ac1c11ecaf6bfd97cd4e36d8735d37e0dde162f62
SSDEEP: 3072:tUzU5P2WViCdlpQKI08ZWY+gEq2cqiKL9oRz:tgU5fbQjZSlgR
Signatures

Credentials from Password Stores: Credentials from Web Browsers
Malicious access to or copy of the web browser credential store.

Unsecured Credentials: Credentials In Files
Steals credentials from unsecured files.

Accesses Microsoft Outlook accounts

Accesses Microsoft Outlook profiles

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext