General
-
Target
e7160a7bd687e7adccdd6c1f0eeb2edf_JaffaCakes118
-
Size
180KB
-
Sample
240917-sfvghszcnr
-
MD5
e7160a7bd687e7adccdd6c1f0eeb2edf
-
SHA1
bcf24aab1eaabffbc571c6b02e223b9342fccd2a
-
SHA256
f74ec5b867dcaad0a9649a1f3d9652730ad9542a30c7e593fe0b16efad57dda0
-
SHA512
b28e11a3985dae25d584d31d8c9fd69549d6a261e94bf51b5277c69cbbf8dd0240ddd22953fa788a1622abc2bdcd17b35faf8eea667417d8e57a99f520a2896c
-
SSDEEP
3072:QH6X66666666666666v666q63HbWd2yyAwV6PGyxUEAkkOb8666666666666666a:46X66666666666666v666q63bWdPFna/
Static task
static1
Behavioral task
behavioral1
Sample
e7160a7bd687e7adccdd6c1f0eeb2edf_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e7160a7bd687e7adccdd6c1f0eeb2edf_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
Family
pony
C2
http://108.178.59.26/forum/viewtopic.php
http://209.59.223.7/forum/viewtopic.php
-
payload_url
http://galiyoga.co.il/XKZW.exe
http://newsket.com/c0a7mV.exe
http://artgallerieswa.com/tCwhp.exe
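The extracted configuration above is directly actionable: the two C2 entries are the gate Pony (also tracked as Fareit) POSTs stolen credentials to, and the payload_url entries are second-stage executables it downloads and runs. The script below is an added example, not part of the sandbox report, showing how to turn those indicators into a proxy-log check. It normalises URLs before comparing (case, default port, query string), distinguishes a POST check-in from a bare GET to the gate path, and exposes a hash matcher for the sample's own digests. The log format and the log lines are constructed for the example; adapt the regex to your proxy's format.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from the extracted Pony config on this page.
PONY_C2 = {
    "http://108.178.59.26/forum/viewtopic.php",
    "http://209.59.223.7/forum/viewtopic.php",
}
PONY_PAYLOAD_URLS = {
    "http://galiyoga.co.il/XKZW.exe",
    "http://newsket.com/c0a7mV.exe",
    "http://artgallerieswa.com/tCwhp.exe",
}
SAMPLE_HASHES = {
    "md5": "e7160a7bd687e7adccdd6c1f0eeb2edf",
    "sha1": "bcf24aab1eaabffbc571c6b02e223b9342fccd2a",
    "sha256": "f74ec5b867dcaad0a9649a1f3d9652730ad9542a30c7e593fe0b16efad57dda0",
}

# Constructed log format (assumption): "<ts> <client-ip> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def normalize_url(url):
    """Canonicalise a URL so that 'HTTP://108.178.59.26:80/forum/viewtopic.php?x=1'
    compares equal to the config entry: lower-case scheme and host, drop a default
    port, drop query string and fragment, keep the path."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = parts.hostname or ""
    port = parts.port
    default = (scheme == "http" and port == 80) or (scheme == "https" and port == 443)
    if port and not default:
        host = f"{host}:{port}"
    return f"{scheme}://{host}{parts.path or '/'}"


def classify(line):
    """Return (signal, client_ip, url) for a line that hits an indicator, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = normalize_url(m["url"])
    if url in PONY_C2:
        # Pony delivers harvested credentials to its gate with an HTTP POST; a GET to the
        # same path is still worth triaging but is a weaker signal, so label it separately.
        signal = "pony_c2_checkin" if m["method"] == "POST" else "pony_c2_path"
        return (signal, m["src"], url)
    if url in PONY_PAYLOAD_URLS:
        return ("pony_payload_download", m["src"], url)
    return None


def scan_proxy_log(lines):
    """Scan an iterable of proxy log lines; return every indicator hit in order."""
    return [hit for hit in (classify(line) for line in lines) if hit]


def matches_sample(hashes):
    """hashes: mapping algorithm -> hex digest from a file event (e.g. EDR telemetry).
    Any one algorithm matching this sample is enough."""
    return any(hashes.get(alg, "").lower() == digest for alg, digest in SAMPLE_HASHES.items())


# Constructed sample traffic: a payload fetch, a POST check-in with odd casing and an
# explicit default port, an unrelated forum URL, and a GET to the second gate.
SAMPLE_LOG = [
    "2024-09-17T12:00:01Z 10.0.0.15 GET http://artgallerieswa.com/tCwhp.exe 200",
    "2024-09-17T12:00:03Z 10.0.0.15 POST HTTP://108.178.59.26:80/forum/viewtopic.php 200",
    "2024-09-17T12:00:05Z 10.0.0.22 GET http://www.example.com/forum/viewtopic.php?t=12 200",
    "2024-09-17T12:00:09Z 10.0.0.15 GET http://209.59.223.7/forum/viewtopic.php?retry=1 404",
]

if __name__ == "__main__":
    for signal, src, url in scan_proxy_log(SAMPLE_LOG):
        print(f"{signal:24} {src:12} {url}")
```

Matching on the full normalised URL rather than on the IP alone matters here: shared hosting means the payload domains and even the gate IPs can serve unrelated content, and the `/forum/viewtopic.php` path is the part the config actually pins down.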
Targets
-
-
Target
e7160a7bd687e7adccdd6c1f0eeb2edf_JaffaCakes118
-
Size
180KB
-
MD5
e7160a7bd687e7adccdd6c1f0eeb2edf
-
SHA1
bcf24aab1eaabffbc571c6b02e223b9342fccd2a
-
SHA256
f74ec5b867dcaad0a9649a1f3d9652730ad9542a30c7e593fe0b16efad57dda0
-
SHA512
b28e11a3985dae25d584d31d8c9fd69549d6a261e94bf51b5277c69cbbf8dd0240ddd22953fa788a1622abc2bdcd17b35faf8eea667417d8e57a99f520a2896c
-
SSDEEP
3072:QH6X66666666666666v666q63HbWd2yyAwV6PGyxUEAkkOb8666666666666666a:46X66666666666666v666q63bWdPFna/
-
Credentials from Password Stores: Credentials from Web Browsers (ATT&CK T1555.003)
Malicious access to, or copying of, the web browser credential store.
-
Unsecured Credentials: Credentials In Files (ATT&CK T1552.001)
Steals credentials from unsecured files on disk (saved client configuration and password files).
-
Accesses Microsoft Outlook accounts
Reads stored Outlook account settings from the user's registry hive to harvest mail credentials.
-
Accesses Microsoft Outlook profiles
Enumerates Outlook profile keys in the user's registry hive.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software installed on the system.
-