General
-
Target
e534abf1d0c20ef5d27fbabfc7d39604_JaffaCakes118
-
Size
132KB
-
Sample
240916-vfk9ysyfjh
-
MD5
e534abf1d0c20ef5d27fbabfc7d39604
-
SHA1
f6f74dc2d9d03b82b83bef774f968c46a36ea000
-
SHA256
23083225522b9e42322f8290b0f623c2ceafe43d1215950ddc59d6db90f703c1
-
SHA512
bd814e77c11bee72541bfe999fc0a47b5a3f8b3e571c1bec458a0df8f4287e7d883e5bde5f1e1ff2d4eb9a417ace90b806c80ff4d0a6e4dadf7f1c6caf872f57
-
SSDEEP
3072:DfbmUkNmOJUwwbO6Bmz9QKtOMGDSg3KxnP:jb/k76ZB29IMir3W
Malware Config
Extracted
pony
http://67.215.225.205:8080/forum/viewtopic.php
http://209.59.219.55/forum/viewtopic.php
-
payload_url
http://ftp.approachit.com/jZy.exe
http://atualizacoes.issqn.net/FhPD.exe
http://tokulances.sitebr.net/jV1.exe
Targets
-
-
Target
e534abf1d0c20ef5d27fbabfc7d39604_JaffaCakes118
-
Size
132KB
-
MD5
e534abf1d0c20ef5d27fbabfc7d39604
-
SHA1
f6f74dc2d9d03b82b83bef774f968c46a36ea000
-
SHA256
23083225522b9e42322f8290b0f623c2ceafe43d1215950ddc59d6db90f703c1
-
SHA512
bd814e77c11bee72541bfe999fc0a47b5a3f8b3e571c1bec458a0df8f4287e7d883e5bde5f1e1ff2d4eb9a417ace90b806c80ff4d0a6e4dadf7f1c6caf872f57
-
SSDEEP
3072:DfbmUkNmOJUwwbO6Bmz9QKtOMGDSg3KxnP:jb/k76ZB29IMir3W
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-