General
-
Target
d6e2002e92dd7f2a6c8f56e6b9830c55_JaffaCakes118
-
Size
93KB
-
Sample
240909-w8f2datalm
-
MD5
d6e2002e92dd7f2a6c8f56e6b9830c55
-
SHA1
3d00c73ab48aafc0dab6ff24790844229303f0c9
-
SHA256
8c1f88da8f4519a169e6547aa847c5fc95265186775b044293d6e1888c5af140
-
SHA512
eca77be4cf186a5d83a7465d8837b106e9a12cf95edd33aef4f3a01449013db9add78371bb662d65bb9e2b0b9641380a906093c8e6645523f1f925d2db595cd7
-
SSDEEP
1536:iPKirFSX/zGWmMwdCdDQq7umjMpMBnVyfhq4RfmKKaMGu:x3vzGowdCdJ7TmLJmXf
Malware Config
Targets
-
-
Target
d6e2002e92dd7f2a6c8f56e6b9830c55_JaffaCakes118
-
Size
93KB
-
MD5
d6e2002e92dd7f2a6c8f56e6b9830c55
-
SHA1
3d00c73ab48aafc0dab6ff24790844229303f0c9
-
SHA256
8c1f88da8f4519a169e6547aa847c5fc95265186775b044293d6e1888c5af140
-
SHA512
eca77be4cf186a5d83a7465d8837b106e9a12cf95edd33aef4f3a01449013db9add78371bb662d65bb9e2b0b9641380a906093c8e6645523f1f925d2db595cd7
-
SSDEEP
1536:iPKirFSX/zGWmMwdCdDQq7umjMpMBnVyfhq4RfmKKaMGu:x3vzGowdCdJ7TmLJmXf
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-