General
-
Target
d3cab6fafd967de9c35467865c5e787c_JaffaCakes118
-
Size
82KB
-
Sample
240908-hp6k2avbmf
-
MD5
d3cab6fafd967de9c35467865c5e787c
-
SHA1
6ab718d581cebcf88b7201ae5314e618e0c17ddb
-
SHA256
69b1036087be558160b3d9f660bdb8a769fb13b50ac591c44466057d1465f16d
-
SHA512
a286fceff4499ff69027c11c3913beecc1f6ba207fffa12fb29e3a7ec20efb0c20d18f9fda6d2c28404652053cab1b357347690d19f467452e425e7044eab268
-
SSDEEP
1536:vi5FUTWYGWpZj1h8LoXSLd98/y4+nmJ//EW+LgXAmtXwogpvbagxCxw:iFUThpZjQ8H0s/ECQmtXVgwgT
Malware Config
Targets
-
-
Target
d3cab6fafd967de9c35467865c5e787c_JaffaCakes118
-
Size
82KB
-
MD5
d3cab6fafd967de9c35467865c5e787c
-
SHA1
6ab718d581cebcf88b7201ae5314e618e0c17ddb
-
SHA256
69b1036087be558160b3d9f660bdb8a769fb13b50ac591c44466057d1465f16d
-
SHA512
a286fceff4499ff69027c11c3913beecc1f6ba207fffa12fb29e3a7ec20efb0c20d18f9fda6d2c28404652053cab1b357347690d19f467452e425e7044eab268
-
SSDEEP
1536:vi5FUTWYGWpZj1h8LoXSLd98/y4+nmJ//EW+LgXAmtXwogpvbagxCxw:iFUThpZjQ8H0s/ECQmtXVgwgT
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-