General
-
Target
cf7dbc44d5164861f17be74e2b483ef9_JaffaCakes118
-
Size
114KB
-
Sample
240906-n9zk4swbqg
-
MD5
cf7dbc44d5164861f17be74e2b483ef9
-
SHA1
353f4dbdb401004f2ba42762c8b9f184b9068bb8
-
SHA256
d4a6d37d2172bf0ff3525429693f17357142c62e61683b3f8adfe614ca56ce6d
-
SHA512
2fb4c4203cc27c1c82697ae0dfee8e272cc149b0fb74c01e50a039735e6794953c40230427ad022d465e2936852da118ed150ef7d3ba8e8b927e054088c68788
-
SSDEEP
3072:/XAtWYKBlVmFGs287FF/oijKH+6moNOYvvmVYz9:fAoYKXVm52sFFgUIO
Malware Config
Extracted
pony
http://etsiunjour.fr:81/pony/gate.php
http://69.194.194.238/pony/gate.php
-
payload_url
http://ftp.ex-fin.sk/0rk5TF.exe
http://archstone.ro/yuzFyjAw.exe
Targets
-
-
Target
cf7dbc44d5164861f17be74e2b483ef9_JaffaCakes118
-
Size
114KB
-
MD5
cf7dbc44d5164861f17be74e2b483ef9
-
SHA1
353f4dbdb401004f2ba42762c8b9f184b9068bb8
-
SHA256
d4a6d37d2172bf0ff3525429693f17357142c62e61683b3f8adfe614ca56ce6d
-
SHA512
2fb4c4203cc27c1c82697ae0dfee8e272cc149b0fb74c01e50a039735e6794953c40230427ad022d465e2936852da118ed150ef7d3ba8e8b927e054088c68788
-
SSDEEP
3072:/XAtWYKBlVmFGs287FF/oijKH+6moNOYvvmVYz9:fAoYKXVm52sFFgUIO
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-