General
Target: df25bb424c6a58c490f3980cce7f0169_JaffaCakes118
Size: 134KB
Sample: 240914-ajyn8sxdqb
MD5: df25bb424c6a58c490f3980cce7f0169
SHA1: 2d20ce53ca46a4685fe5a8170805f905caa1f0af
SHA256: 03c5cabfb75ca685eb641c19bd09595c266dc4d4f8786f746ecb5cf57a2c12b9
SHA512: 9faa08fb587a0ff0534cfbced006685384b12e9f436eae2cafcf0ccc1a6f74fc422352bb070531a4beb379155b4c62f948800e549cfabecc8919895f0fdb64af
SSDEEP: 3072:RPY1lfv+sOZxHPvBK/EruMXnhV/d+uyi:GFOPRVUuX
Static task: static1
Behavioral task: behavioral1
  Sample: df25bb424c6a58c490f3980cce7f0169_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: df25bb424c6a58c490f3980cce7f0169_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted: pony
  http://212.58.20.11:8080/pony/gate.php
  http://74.91.117.208/pony/gate.php
payload_url:
  http://ftp.webdensiparis.com/nZ44f.exe
  http://impressive.cyber.predelegation.com/VyQzNz0.exe
  http://www.leosunshine.ro/a2uGw6.exe
  http://tempo-www.asepta.com/LEq.exe
  http://polypak.com.br/As1tLD.exe
  http://piramidemusic.com.br/EBX1pLKT.exe
Targets
Target: df25bb424c6a58c490f3980cce7f0169_JaffaCakes118
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access or copy of web browser credential store.
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext