General
- Target: dbb5b702aafdcbb35bd2ef49a7661fe0_JaffaCakes118
- Size: 144KB
- Sample: 240912-dqy55aycnn
- MD5: dbb5b702aafdcbb35bd2ef49a7661fe0
- SHA1: db5ebe7c1d4e16eb1765fcda38b6a394573fe90b
- SHA256: 2c602d607aa21801641a4d2b8888089026116da5e7750969024619f1e25b8dbb
- SHA512: ec094284a2dcfa43f988506e7b2af44c814ee0c700dc12699c4262d1f119c35182601d22fadda318256039e19bed9390162b84774a00b0ecfdfd30c67400e547
- SSDEEP: 3072:XLLCrvrNL8RhtNo0YnOE369ePlQ+GZPc/tD3:CPNklYnOKQedfh/B
Static task: static1
Behavioral task: behavioral1
- Sample: dbb5b702aafdcbb35bd2ef49a7661fe0_JaffaCakes118.exe
- Resource: win7-20240903-en
Malware Config
Extracted
- pony
  - http://www.alberghi.com:8080/pony/gate.php
  - http://buyandsmile.atomclick.co:8080/pony/gate.php
- payload_url
  - http://www.biroform.com.mk/vibBmja6/fc0nJ.exe
  - http://maypijamas.com.br/smZu5CrX/ivKaeKj.exe
  - http://www.z-bid-z.com/1Ypg1X1N/ZMSQW.exe
Targets
- Target: dbb5b702aafdcbb35bd2ef49a7661fe0_JaffaCakes118
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copy of, a web browser credential store.
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.