General
-
Target
dbd8d00ddc5e803b7b19bd139868fe90_JaffaCakes118
-
Size
92KB
-
Sample
240912-fjeh9ascjl
-
MD5
dbd8d00ddc5e803b7b19bd139868fe90
-
SHA1
57fd025284d957e6127fdf105df7a79de0daac6f
-
SHA256
1e37041e6d42a7c256c6efe06380fbbd581da62875e463372d4db4eaea60eb4b
-
SHA512
99b5322f094717531016cfb3f6f19fd1c17dfbeec56f80649b17a805fbb22d305b5187bad6670763ef29116d53baae64657425498d5139d6491e61e16df69da1
-
SSDEEP
1536:snkZ2rh/aqTTUQM+twzmLwMi1V7q3g5dely5On1TvQkzbkjql/A:tM9/pMMcvaGOnvyql/A
Malware Config
Extracted
pony
http://clue.darkbastard.com.de/panel/gate.php
Targets
-
-
Target
dbd8d00ddc5e803b7b19bd139868fe90_JaffaCakes118
-
Size
92KB
-
MD5
dbd8d00ddc5e803b7b19bd139868fe90
-
SHA1
57fd025284d957e6127fdf105df7a79de0daac6f
-
SHA256
1e37041e6d42a7c256c6efe06380fbbd581da62875e463372d4db4eaea60eb4b
-
SHA512
99b5322f094717531016cfb3f6f19fd1c17dfbeec56f80649b17a805fbb22d305b5187bad6670763ef29116d53baae64657425498d5139d6491e61e16df69da1
-
SSDEEP
1536:snkZ2rh/aqTTUQM+twzmLwMi1V7q3g5dely5On1TvQkzbkjql/A:tM9/pMMcvaGOnvyql/A
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-