General
-
Target
d3f5979218b6478fd7c36af6f3a6a3e1_JaffaCakes118
-
Size
128KB
-
Sample
240908-kkrx7aydpb
-
MD5
d3f5979218b6478fd7c36af6f3a6a3e1
-
SHA1
e7b7196c20792a2acaf9675effb4f4e1199b42be
-
SHA256
6e44cfe0ac5c919f6363b20df31ba1056b3e44c50831ee9c82152afded66db68
-
SHA512
9ec897729dc25fe5b074ca15abb2535398a2703e2b91de829cd355de4fda71d18b5946de4aa0715e92ba0af0f9db2388adf0e5cc8a3fa6579d19e2371bb23afd
-
SSDEEP
3072:uGHi6mwXfyGLCNpW6ZCNRXUPw8+4O0oG4xAJq:+8f6NpW6ZCv8+zG4y
Malware Config
Extracted
pony
http://67.215.225.205:8080/ponys/gate.php
http://50.116.13.230/ponys/gate.php
-
payload_url
http://build-in.cz/CBopQ0TA/YD94an.exe
http://heincountry.com/Lx38YeDG/PZ2AC.exe
http://waxsurfers.com/KrYtpYBC/a0Y.exe
Targets
-
-
Target
d3f5979218b6478fd7c36af6f3a6a3e1_JaffaCakes118
-
Size
128KB
-
MD5
d3f5979218b6478fd7c36af6f3a6a3e1
-
SHA1
e7b7196c20792a2acaf9675effb4f4e1199b42be
-
SHA256
6e44cfe0ac5c919f6363b20df31ba1056b3e44c50831ee9c82152afded66db68
-
SHA512
9ec897729dc25fe5b074ca15abb2535398a2703e2b91de829cd355de4fda71d18b5946de4aa0715e92ba0af0f9db2388adf0e5cc8a3fa6579d19e2371bb23afd
-
SSDEEP
3072:uGHi6mwXfyGLCNpW6ZCNRXUPw8+4O0oG4xAJq:+8f6NpW6ZCv8+zG4y
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-