General
Target: e713edbe67a8b7d47c6988a90fc3f80e_JaffaCakes118
Size: 114KB
Sample: 240917-sdblmazbnk
MD5: e713edbe67a8b7d47c6988a90fc3f80e
SHA1: b9b477c62567f3abf4108773a53ae061eb70e078
SHA256: 14a2ec6c9b36f319b33cc47ac6811546698ed60864aed9d75b95613098d52a9a
SHA512: bb9c69197e40e5eada4baae4ad3176d5d3e2792f85040e1d28ad5d4f1a9be166fba4712b5f69e124c3b6ec735f553bb059a031af75c36498c08979b3a8cc49d6
SSDEEP: 3072:/XAtWYKBlV6rGjYBIzIUISwI9/6moRbqwMX9iJyOl9:fAoYKXV6smIzeKu5MX9iJy
Static task: static1
Behavioral task: behavioral1
  Sample: e713edbe67a8b7d47c6988a90fc3f80e_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: e713edbe67a8b7d47c6988a90fc3f80e_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted: pony
  http://etsiunjour.fr:81/pony/gate.php
payload_url:
  http://acarkent24.com/agX.exe
  http://archstone.ro/yuzFyjAw.exe
Targets
Target: e713edbe67a8b7d47c6988a90fc3f80e_JaffaCakes118
Size: 114KB
Signatures:
- Credentials from Password Stores: Credentials from Web Browsers (malicious access to or copy of a web browser credential store)
- Unsecured Credentials: Credentials In Files (steals credentials from unsecured files)
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system (looks up Uninstall key entries in the registry to enumerate software on the system)
- Suspicious use of SetThreadContext