General
Target: e4a9112aa8dc2ab814b97f029e40da2d_JaffaCakes118
Size: 188KB
Sample: 240916-nf245svbrb
MD5: e4a9112aa8dc2ab814b97f029e40da2d
SHA1: 5d87baf534c71b0d45ec94e317ca493472a83bc7
SHA256: fe8ff822e13252086999ab0e7e49d006f183224d861895cdf5739624d70aeb3c
SHA512: b5dd2118f563f49ca7e1d67cdb3da708eba174a5f091530f76282f9112919ba2b792998768ee16a35c2e488328f53f60ae9caad4f3032baa0c97856bf7174ac4
SSDEEP: 3072:/RMd80RZaVEVbq0OnPAXyC0FVPbi+n5noGH30TD:/OdLRZtGvnPAXn0jzz5o2I
Static task: static1
Behavioral task: behavioral1
  Sample: e4a9112aa8dc2ab814b97f029e40da2d_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: e4a9112aa8dc2ab814b97f029e40da2d_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted
Family: pony
C2 (gate URLs the stealer posts harvested credentials to):
http://213.155.112.84:8080/forum/viewtopic.php
http://213.155.112.85:8080/forum/viewtopic.php
payload_url (executables the loader stage fetches after the credential theft):
http://congres.eska.fr/HRb1AQC.exe
http://www.heliophos.com/aq4Aju.exe
http://www.Uniqueonlinejobs.us/6M0CRvB.exe
http://anthemmedia.com/FwLQgJ.exe
http://afyonmatbaa.com/A3td.exe
Note the two gates share a path (/forum/viewtopic.php), a non-standard port (8080) and a bare IP host on adjacent addresses; the payload hosts are ordinary domains, so network-level hunting has to treat the two lists differently (exact-match on the payload URLs, pattern-match on the gate).
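The extracted config is the most immediately usable part of this report, so here is a worked example of turning it into indicators and running them over proxy logs. This is example code added to the report, not the sandbox's tooling or anything shipped with the sample. The C2 and payload URLs are copied verbatim from the config above; the Squid-style access log lines are constructed for the example (the 198.51.100.23 address is TEST-NET-2, not an observed indicator), and the `pony_c2_like` heuristic (a POST to a `viewtopic.php` path on a bare-IP host with a non-standard port) is an assumption generalised from the two gates, not a rule published with the sample.

```python
"""Match the Pony config from the report against proxy log lines.

Example code added to this report; the heuristic rule and the log lines
are constructed assumptions, only the URL lists come from the config.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Copied from the "Malware Config" section of the report.
C2_URLS = [
    "http://213.155.112.84:8080/forum/viewtopic.php",
    "http://213.155.112.85:8080/forum/viewtopic.php",
]
PAYLOAD_URLS = [
    "http://congres.eska.fr/HRb1AQC.exe",
    "http://www.heliophos.com/aq4Aju.exe",
    "http://www.Uniqueonlinejobs.us/6M0CRvB.exe",
    "http://anthemmedia.com/FwLQgJ.exe",
    "http://afyonmatbaa.com/A3td.exe",
]

Key = Tuple[str, int, str]  # (host lowercased, port, path)


def normalise(url: str) -> Optional[Key]:
    """Reduce a URL to (host, port, path) so hostname case and an explicit
    default port do not cause misses. Returns None for URLs that do not
    parse as http(s), e.g. the bare "host:port" of a CONNECT request."""
    try:
        u = urlsplit(url)
        if u.scheme not in ("http", "https") or not u.hostname:
            return None
        port = u.port or (443 if u.scheme == "https" else 80)
    except ValueError:
        return None
    return (u.hostname.lower(), port, u.path or "/")


IOC_C2 = {k for k in map(normalise, C2_URLS) if k}
IOC_PAYLOAD = {k for k in map(normalise, PAYLOAD_URLS) if k}

# Squid access.log layout: ts elapsed client code/status bytes method url ...
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)"
)
BARE_IP = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def classify(line: str) -> Optional[str]:
    """Return an indicator tag for one log line, or None if it is clean."""
    m = LOG_RE.match(line)
    if not m:
        return None
    key = normalise(m.group("url"))
    if key is None:
        return None
    if key in IOC_C2:
        return "pony_c2"
    if key in IOC_PAYLOAD:
        return "pony_payload"
    host, port, path = key
    # Assumed heuristic: Pony gates in this config are POSTs to a
    # viewtopic.php path on a bare IP with a non-standard port. Generalising
    # that shape catches sibling gates the config does not list.
    if (m.group("method") == "POST" and BARE_IP.match(host)
            and port not in (80, 443) and path.endswith("/viewtopic.php")):
        return "pony_c2_like"
    return None


def scan(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (client, tag, url) for every line that matched an indicator."""
    hits = []
    for line in lines:
        tag = classify(line)
        if tag:
            m = LOG_RE.match(line)
            hits.append((m.group("client"), tag, m.group("url")))
    return hits


# Constructed sample log; not real traffic from the sandbox run.
SAMPLE_LOG = [
    "1726495200.123 215 10.0.0.7 TCP_MISS/200 4120 POST http://213.155.112.84:8080/forum/viewtopic.php - HIER_DIRECT/213.155.112.84 text/html",
    "1726495201.456 1834 10.0.0.7 TCP_MISS/200 192512 GET http://congres.eska.fr/HRb1AQC.exe - HIER_DIRECT/203.0.113.10 application/octet-stream",
    "1726495202.001 50 10.0.0.9 TCP_MISS/200 812 GET http://www.example.com/forum/viewtopic.php?t=12 - HIER_DIRECT/203.0.113.11 text/html",
    "1726495203.777 210 10.0.0.12 TCP_MISS/200 3990 POST http://198.51.100.23:8080/gate/viewtopic.php - HIER_DIRECT/198.51.100.23 text/html",
    "1726495204.000 30 10.0.0.9 TCP_MISS/200 500 GET http://www.UNIQUEONLINEJOBS.us/6M0CRvB.exe - HIER_DIRECT/203.0.113.12 application/octet-stream",
    "1726495205.000 20 10.0.0.9 TCP_TUNNEL/200 900 CONNECT 213.155.112.84:8080 - HIER_DIRECT/213.155.112.84 -",
]

if __name__ == "__main__":
    for client, tag, url in scan(SAMPLE_LOG):
        print(f"{client:<12} {tag:<14} {url}")
```

Exact URL matches are the high-confidence signals; the `pony_c2_like` tag is a hunting lead to be reviewed, and the CONNECT line shows why the parser must tolerate URLs that are not http(s): a tunnel to the gate IP is not flagged by this example, and a production rule would add a separate host:port match for it.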
Targets
Target: e4a9112aa8dc2ab814b97f029e40da2d_JaffaCakes118 (the same file as in General)
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, a web browser credential store.
-
Unsecured Credentials: Credentials In Files
Steals credentials from unsecured files on disk.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-