General
-
Target
d442810489c68a14f378903f1563d3f0_JaffaCakes118
-
Size
114KB
-
Sample
240908-nng4yawcmd
-
MD5
d442810489c68a14f378903f1563d3f0
-
SHA1
39c6eef8c47a8d20b67eda7145f923f9ac2fe7bd
-
SHA256
3fe21d3c610bb2b3ca2d861a3bd565292ac26e8a70d3c8238ea4a7ac7f793798
-
SHA512
9cef3cea59ec88fa530df7c5bef505aa507a8d4a6b41fbc711d2a6d7dfdae41277370487b9f9f105e7da268978c8b51fbbc2c7d585a526df67cae5a3be37bce9
-
SSDEEP
3072:/XAtWYKBlVrvGX0OtgdpjyOZToXC106morLgFMlyVTJ69:fAoYKXVrj3jZZOfYeTJ
Malware Config
Extracted
pony
http://66.175.212.25/pony/gate.php
http://69.194.194.238/pony/gate.php
-
payload_url
http://www.hipermak.com.tr/EFepvrwR/oGXyM.exe
http://caoepesca.com.br/UsYPhTQk/bb1.exe
http://formatravel.com.ar/DbbL9XPB/S4Tg7.exe
Targets
-
-
Target
d442810489c68a14f378903f1563d3f0_JaffaCakes118
-
Size
114KB
-
MD5
d442810489c68a14f378903f1563d3f0
-
SHA1
39c6eef8c47a8d20b67eda7145f923f9ac2fe7bd
-
SHA256
3fe21d3c610bb2b3ca2d861a3bd565292ac26e8a70d3c8238ea4a7ac7f793798
-
SHA512
9cef3cea59ec88fa530df7c5bef505aa507a8d4a6b41fbc711d2a6d7dfdae41277370487b9f9f105e7da268978c8b51fbbc2c7d585a526df67cae5a3be37bce9
-
SSDEEP
3072:/XAtWYKBlVrvGX0OtgdpjyOZToXC106morLgFMlyVTJ69:fAoYKXVrj3jZZOfYeTJ
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-