General
-
Target
d8349c4999320c6bcee81da6eb2b0025_JaffaCakes118
-
Size
96KB
-
Sample
240910-ntdcyascnj
-
MD5
d8349c4999320c6bcee81da6eb2b0025
-
SHA1
2061728bf7b8cdc79a7465b898f7c2ab12d2e845
-
SHA256
912916210d751bc8ba22ea084f57e1f48114009b5696c1243ed7e30107a0db19
-
SHA512
fae6ebab6b1fcff24f98f134f5cb2df76b6916168285b5b7d9ad04ae11964598d91e9ea0f84f65ac23867997bc13515e338da9debb3b2b3cf2de5b7a53da8d2a
-
SSDEEP
1536:lFcBAN+70sm2fZGU1+K5Rb6hjOak2KBA7TNedCQy+X4iOCndWhX:v8A/rOZGU1+KvbBajw8TNuPygshX
Malware Config
Extracted
pony
http://88.85.99.44:8080/ponychin/gate.php
http://91.121.140.103:8080/ponychin/gate.php
http://91.121.178.156:8080/ponychin/gate.php
-
payload_url
http://balzo.hu/5sh.exe
http://sytsuministros.com/3w34M.exe
http://parathalasso.gr/M45UKKKG.exe
Targets
-
-
Target
d8349c4999320c6bcee81da6eb2b0025_JaffaCakes118
-
Size
96KB
-
MD5
d8349c4999320c6bcee81da6eb2b0025
-
SHA1
2061728bf7b8cdc79a7465b898f7c2ab12d2e845
-
SHA256
912916210d751bc8ba22ea084f57e1f48114009b5696c1243ed7e30107a0db19
-
SHA512
fae6ebab6b1fcff24f98f134f5cb2df76b6916168285b5b7d9ad04ae11964598d91e9ea0f84f65ac23867997bc13515e338da9debb3b2b3cf2de5b7a53da8d2a
-
SSDEEP
1536:lFcBAN+70sm2fZGU1+K5Rb6hjOak2KBA7TNedCQy+X4iOCndWhX:v8A/rOZGU1+KvbBajw8TNuPygshX
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-