General
-
Target
dcaae83ca18ac66b062636ede449e9b2_JaffaCakes118
-
Size
114KB
-
Sample
240912-vkc45svdkh
-
MD5
dcaae83ca18ac66b062636ede449e9b2
-
SHA1
e204b60f48bed7f42d22d7f9376814048fdb13aa
-
SHA256
d6abdcd3e166df480fd9db489fefc481ca11489758e1122d97af22b0d2f470d8
-
SHA512
2a78a64b5f05b62b82a8518a3af366aa5bfa23bd977f90aba26a123de12f7af2f7cbeb4f1373eaab723b8c529c4a42d6bdf9deb95c46da955e4e783045ac2775
-
SSDEEP
3072:/XAtWYKBlV2LGaw/D9X9vGT+k6moNOT7MYz9:fAoYKXV2p49X+DL
Malware Config
Extracted
pony
http://etsiunjour.fr:81/pony/gate.php
http://66.175.217.203/pony/gate.php
-
payload_url
http://acarkent24.com/agX.exe
http://archstone.ro/yuzFyjAw.exe
Targets
-
-
Target
dcaae83ca18ac66b062636ede449e9b2_JaffaCakes118
-
Size
114KB
-
MD5
dcaae83ca18ac66b062636ede449e9b2
-
SHA1
e204b60f48bed7f42d22d7f9376814048fdb13aa
-
SHA256
d6abdcd3e166df480fd9db489fefc481ca11489758e1122d97af22b0d2f470d8
-
SHA512
2a78a64b5f05b62b82a8518a3af366aa5bfa23bd977f90aba26a123de12f7af2f7cbeb4f1373eaab723b8c529c4a42d6bdf9deb95c46da955e4e783045ac2775
-
SSDEEP
3072:/XAtWYKBlV2LGaw/D9X9vGT+k6moNOT7MYz9:fAoYKXV2p49X+DL
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-