General
-
Target
e259e1f305f685e274054612accac213_JaffaCakes118
-
Size
114KB
-
Sample
240915-na81ha1gmm
-
MD5
e259e1f305f685e274054612accac213
-
SHA1
07173f4509e7240441b1bf3fc964ab6ad2973ae8
-
SHA256
55bfdf2efec2e993ac2b39e16b4357d9be1cac67ecd34552ecf772f4a6a03c0d
-
SHA512
397c53d09c9594498b4594247430a467e336ce78839ef22acf03fa1daf62a426f460d69e885abee7daeef49177f28a3bb732f5c88f48d09d041c1da866142da1
-
SSDEEP
3072:/XAtWYKBlV5aGCNDpILTKAO6moNOPDN3UYz9:fAoYKXV5AJpIkzh
Malware Config
Extracted
pony
http://etsiunjour.fr:81/pony/gate.php
http://209.59.217.93/pony/gate.php
-
payload_url
http://ftp.ex-fin.sk/0rk5TF.exe
http://archstone.ro/yuzFyjAw.exe
Targets
-
-
Target
e259e1f305f685e274054612accac213_JaffaCakes118
-
Size
114KB
-
MD5
e259e1f305f685e274054612accac213
-
SHA1
07173f4509e7240441b1bf3fc964ab6ad2973ae8
-
SHA256
55bfdf2efec2e993ac2b39e16b4357d9be1cac67ecd34552ecf772f4a6a03c0d
-
SHA512
397c53d09c9594498b4594247430a467e336ce78839ef22acf03fa1daf62a426f460d69e885abee7daeef49177f28a3bb732f5c88f48d09d041c1da866142da1
-
SSDEEP
3072:/XAtWYKBlV5aGCNDpILTKAO6moNOPDN3UYz9:fAoYKXV5AJpIkzh
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-