General
-
Target
dacbfb1fdf6ce7a97b4e6a1919935804_JaffaCakes118
-
Size
194KB
-
Sample
240911-vb3y7s1fjn
-
MD5
dacbfb1fdf6ce7a97b4e6a1919935804
-
SHA1
436580935e7fd17f8caf8aaf2ccbbd9db33425df
-
SHA256
9057a8cb072a758861f39990380ae4ba93577c12beddb3f55c10b387c0a22cdf
-
SHA512
790fef48d5661cc23d9a5fb359d70c407b273e2c9ef989f8e3fc5548277de503f2ee5d4c41b4484efb3da5099a1bb8da429a7b3df4695cc7defae52cfa826036
-
SSDEEP
3072:a7gMU6sCA7grerKkrjcX4YfQKwcBMAitqs1oz:aq69AQepbNfcC4
Malware Config
Extracted
pony
http://etsiunjour.fr:81/pony/gate.php
Targets
-
-
Target
dacbfb1fdf6ce7a97b4e6a1919935804_JaffaCakes118
-
Size
194KB
-
MD5
dacbfb1fdf6ce7a97b4e6a1919935804
-
SHA1
436580935e7fd17f8caf8aaf2ccbbd9db33425df
-
SHA256
9057a8cb072a758861f39990380ae4ba93577c12beddb3f55c10b387c0a22cdf
-
SHA512
790fef48d5661cc23d9a5fb359d70c407b273e2c9ef989f8e3fc5548277de503f2ee5d4c41b4484efb3da5099a1bb8da429a7b3df4695cc7defae52cfa826036
-
SSDEEP
3072:a7gMU6sCA7grerKkrjcX4YfQKwcBMAitqs1oz:aq69AQepbNfcC4
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-