General
-
Target
e4c13a6a492252bdb61974fca4ffa3e5_JaffaCakes118
-
Size
128KB
-
Sample
240916-pg9q2sxanh
-
MD5
e4c13a6a492252bdb61974fca4ffa3e5
-
SHA1
0edbce5304e3375b45a61f8b21aa153d3a078c30
-
SHA256
4f3f38f2229dc296021ec88961a1e46e511ea276c5bdeacc0260ed33c70df194
-
SHA512
3edb5662e5fc583727ca95d33f2ba9dfd51cd91d9b8e56e237b8ffcfb44f27603cb263a52b071e06940153c811cf4e21e8819fa7be526691f30a975fd8203562
-
SSDEEP
3072:uGHi6mwP0MRpV5HCa8dXT9M3eyc3TIIDHBRTUmJMcj:+c0MR5HCayX6c3nDHB9Umt
Malware Config
Extracted
pony
http://67.215.225.205:8080/forum/viewtopic.php
http://216.231.139.111/forum/viewtopic.php
-
payload_url
http://jenisegreggcouture.com/i3AnbAV.exe
http://gelerter.com/x1AZobA.exe
http://www.northeasttreeremoval.com/VDYHGMfH.exe
Targets
-
-
Target
e4c13a6a492252bdb61974fca4ffa3e5_JaffaCakes118
-
Size
128KB
-
MD5
e4c13a6a492252bdb61974fca4ffa3e5
-
SHA1
0edbce5304e3375b45a61f8b21aa153d3a078c30
-
SHA256
4f3f38f2229dc296021ec88961a1e46e511ea276c5bdeacc0260ed33c70df194
-
SHA512
3edb5662e5fc583727ca95d33f2ba9dfd51cd91d9b8e56e237b8ffcfb44f27603cb263a52b071e06940153c811cf4e21e8819fa7be526691f30a975fd8203562
-
SSDEEP
3072:uGHi6mwP0MRpV5HCa8dXT9M3eyc3TIIDHBRTUmJMcj:+c0MR5HCayX6c3nDHB9Umt
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-