General
-
Target
ce4598526c5f3aade2b98e45cd143d6c_JaffaCakes118
-
Size
143KB
-
Sample
240906-a45chsxemc
-
MD5
ce4598526c5f3aade2b98e45cd143d6c
-
SHA1
d91b256c4c246ab8cd714b10aac0e390b0a397e3
-
SHA256
6ee04f65539ef79a5db4e877f06d01d2bea45dc50d23a7b5e7f485ceb9e5e915
-
SHA512
4a660f769fc3c168892905d2ea0fefee204397003052be032cde90f1c019f5a0e6245f02af000a499abe12e6b1e290195c15621bb1203fee44a166d712f5aa02
-
SSDEEP
3072:0e6EY/PjFtMhvjqqEygi2B5fnjGnf3hi:oR/ZGjqN2s
Malware Config
Extracted
pony
http://64.111.24.123/pony/gate.php
http://66.175.216.111/pony/gate.php
-
payload_url
http://iac-milani.com.ar/4TDA.exe
http://cencardelmagdalena.com/NAKud.exe
http://chacaracantinhodoceu.com.br/ZCy3b1.exe
Targets
-
-
Target
ce4598526c5f3aade2b98e45cd143d6c_JaffaCakes118
-
Size
143KB
-
MD5
ce4598526c5f3aade2b98e45cd143d6c
-
SHA1
d91b256c4c246ab8cd714b10aac0e390b0a397e3
-
SHA256
6ee04f65539ef79a5db4e877f06d01d2bea45dc50d23a7b5e7f485ceb9e5e915
-
SHA512
4a660f769fc3c168892905d2ea0fefee204397003052be032cde90f1c019f5a0e6245f02af000a499abe12e6b1e290195c15621bb1203fee44a166d712f5aa02
-
SSDEEP
3072:0e6EY/PjFtMhvjqqEygi2B5fnjGnf3hi:oR/ZGjqN2s
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-