General
-
Target
ea0b4a48e0b7cc0767f2f6a5deaef4ad_JaffaCakes118
-
Size
153KB
-
Sample
240918-1v1k3svfjb
-
MD5
ea0b4a48e0b7cc0767f2f6a5deaef4ad
-
SHA1
29f794b551fb9f34b2df5968ac636b3260bfd04a
-
SHA256
3eab5057bf84ecb642998e9d0e3a753d39ea6a656e54519e1759eede88bca475
-
SHA512
61078025239beb46d4988312645db894802422bcbd792198ee2d0b548812d57bb0a6721bc0efce141816a6cfb8bec5dce6756e8048091f84606ae84df3d662c1
-
SSDEEP
3072:d2jpmyvLmkJeOAZjaK+59YPROmx+k0EbEDzHKrUiWzhejJ:Y5MT0KLJOmx+Sb+zH8Cz
Malware Config
Extracted
pony
http://66.55.89.149:8080/forum/viewtopic.php
http://66.55.89.150:8080/forum/viewtopic.php
-
payload_url
http://www.rsproyecto2.com/m4XY.exe
Targets
-
-
Target
ea0b4a48e0b7cc0767f2f6a5deaef4ad_JaffaCakes118
-
Size
153KB
-
MD5
ea0b4a48e0b7cc0767f2f6a5deaef4ad
-
SHA1
29f794b551fb9f34b2df5968ac636b3260bfd04a
-
SHA256
3eab5057bf84ecb642998e9d0e3a753d39ea6a656e54519e1759eede88bca475
-
SHA512
61078025239beb46d4988312645db894802422bcbd792198ee2d0b548812d57bb0a6721bc0efce141816a6cfb8bec5dce6756e8048091f84606ae84df3d662c1
-
SSDEEP
3072:d2jpmyvLmkJeOAZjaK+59YPROmx+k0EbEDzHKrUiWzhejJ:Y5MT0KLJOmx+Sb+zH8Cz
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-