General
Target: e8906c5b13a46190c0b8dd48fbad50ec_JaffaCakes118
Size: 103KB
Sample: 240918-hsy1csydrr
MD5: e8906c5b13a46190c0b8dd48fbad50ec
SHA1: f91d749a32153e4b7df2eade68f835530fe782df
SHA256: ab56b7455c3bc3ebef7932d0c49ac358e863de43f0766912389a87cae0b6103a
SHA512: 4eb492eeefd413edd8719987b2bea2c9e54b3148844efecbf8f1343d4a9ce593b5db99e565c503d72aabb4c2d6b5bd4c86417a86091068546de7ade0084c8403
SSDEEP: 1536:ZVuUw99IxqTHWc2qg43eGfpazd4OfupBgWCOhAYRpTvMEIdkzZhwMhw:Tuvfg43eGfpyd4kBOhIEIehwp
Behavioral tasks
behavioral1: e8906c5b13a46190c0b8dd48fbad50ec_JaffaCakes118.exe on win7-20240903-en
behavioral2: e8906c5b13a46190c0b8dd48fbad50ec_JaffaCakes118.exe on win10v2004-20240802-en
Malware Config
Extracted family: pony (the Pony/Fareit credential stealer and loader)
C2 gate URLs (the endpoints the sample POSTs harvested credentials to):
http://182.23.41.20:8080/pony/gate.php
http://108.178.59.15/pony/gate.php
payload_url (second-stage executables the loader component fetches and runs):
http://www.artevoz.com.br/9D0JP.exe
http://costabrasileira.com.br/JcLHb3DA.exe
http://secretulmeu.eu/eozgC.exe
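The URLs above are the actionable part of this report for a defender. The following is an added example (not from the sandbox report or the Pony authors) showing how to turn them into a proxy-log check: it normalizes each indicator to (host, port, path) so that explicit and implicit default ports compare equal, matches exact C2 and payload URLs, and adds a looser second tier that flags any POST to a path ending in gate.php, since that is the conventional Pony check-in name. The log format (timestamp, client, method, URL, status, bytes) and the log lines themselves are constructed for the example; the second tier is a heuristic and its hits need triage, because other PHP panels also use gate.php.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from the extracted Pony configuration on this page.
PONY_GATES = [
    "http://182.23.41.20:8080/pony/gate.php",
    "http://108.178.59.15/pony/gate.php",
]
PONY_PAYLOADS = [
    "http://www.artevoz.com.br/9D0JP.exe",
    "http://costabrasileira.com.br/JcLHb3DA.exe",
    "http://secretulmeu.eu/eozgC.exe",
]


def normalize(url):
    """Return (host, port, path) with the scheme's default port filled in, so that
    'http://host/x' and 'HTTP://host:80/x' produce the same key."""
    p = urlsplit(url.strip())
    port = p.port or (443 if p.scheme == "https" else 80)
    return p.hostname.lower(), port, (p.path or "/")


# Tier 1: exact indicator match, tagged with its role in the config.
EXACT = {normalize(u): ("c2", u) for u in PONY_GATES}
EXACT.update({normalize(u): ("payload", u) for u in PONY_PAYLOADS})

# Tier 2 (heuristic, an assumption of this example): a POST to any */gate.php
# is the Pony check-in convention, so flag it on hosts not yet in the IOC list.
GATE_PATH = re.compile(r"/gate\.php$", re.IGNORECASE)

# Constructed proxy log lines (not from the sandbox run): ts client method url status bytes
SAMPLE_LOG = """\
2024-09-18T10:01:02Z 10.0.0.5 POST http://182.23.41.20:8080/pony/gate.php 200 612
2024-09-18T10:01:03Z 10.0.0.5 GET http://www.artevoz.com.br/9D0JP.exe 200 204800
2024-09-18T10:01:09Z 10.0.0.7 GET http://example.com/index.html 200 1532
2024-09-18T10:02:15Z 10.0.0.9 POST http://198.51.100.4/stat/gate.php 200 590
2024-09-18T10:03:00Z 10.0.0.5 GET HTTP://108.178.59.15:80/pony/gate.php 404 0
"""

LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)"
)


def scan(log_text):
    """Return a list of (client, kind, indicator) hits in log order.
    kind is 'c2' or 'payload' for exact matches, 'gate-path' for the heuristic tier."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the sweep
        key = normalize(m["url"])
        if key in EXACT:
            kind, ioc = EXACT[key]
            hits.append((m["client"], kind, ioc))
        elif m["method"].upper() == "POST" and GATE_PATH.search(key[2]):
            hits.append((m["client"], "gate-path", m["url"]))
    return hits


def infected_clients(hits):
    """Clients that actually reached a known gate; a 404 from the gate still
    proves the client tried to check in, so status is deliberately ignored."""
    return {client for client, kind, _ in hits if kind == "c2"}


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
    print("check-in observed from:", sorted(infected_clients(scan(SAMPLE_LOG))))
```

Note that the last sample line is matched despite the upper-case scheme and the explicit :80, which is why the indicators are compared as normalized tuples rather than as raw strings; a plain substring grep for the config URLs would miss it.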
Targets
Target: e8906c5b13a46190c0b8dd48fbad50ec_JaffaCakes118 (103KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
Credentials from Password Stores: Credentials from Web Browsers (ATT&CK T1555.003)
Reads or copies the saved-login databases of installed web browsers.
Unsecured Credentials: Credentials In Files (ATT&CK T1552.001)
Reads credentials stored in plaintext or weakly protected files on disk.
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Reads Outlook profile and account settings, which Outlook keeps in the registry under the current user's hive.
Checks installed software on the system
Enumerates the subkeys of the Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, plus the WOW6432Node copy on 64-bit Windows) to list the installed applications, the same data the Add/Remove Programs dialog is built from.
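Taken together, the signatures describe one process touching browser credential stores, credential files, Outlook profile keys and the Uninstall key in a short window. An added example (not from the report or any EDR product) showing that correlation as detection logic over host telemetry: each rule maps a file path or registry key path to one of the signature categories, the legitimate owner of a store is excluded so a browser reading its own Login Data does not fire, and a process is reported when it spans several categories. The telemetry shape (process, operation, target) and the event rows are constructed and are an assumption of the example; the store locations are the well-known paths for Chrome/Chromium/Edge, Firefox, FileZilla, Total Commander and Outlook. The benign-owner allow list is also an assumption and should be tuned per environment.

```python
import re
from collections import defaultdict

# (category, telemetry kind, pattern). Paths are the well-known credential and
# inventory locations; the category names mirror the signatures in this report.
RULES = [
    ("browser-credential-store", "file", re.compile(
        r"(\\User Data\\[^\\]+\\Login Data$)"                 # Chrome/Chromium/Edge
        r"|(\\Mozilla\\Firefox\\Profiles\\[^\\]+\\"
        r"(logins\.json|key[34]\.db|signons\.sqlite)$)",     # Firefox
        re.IGNORECASE)),
    ("credentials-in-files", "file", re.compile(
        r"\\FileZilla\\(sitemanager|recentservers)\.xml$"     # FileZilla site list
        r"|\\wcx_ftp\.ini$",                                  # Total Commander FTP
        re.IGNORECASE)),
    ("outlook-profile", "registry", re.compile(
        r"^HKCU\\Software\\Microsoft\\(Office\\\d+\.\d+\\Outlook\\Profiles"
        r"|Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles)",
        re.IGNORECASE)),
    ("installed-software-enum", "registry", re.compile(
        r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall",
        re.IGNORECASE)),
]

# Processes allowed to touch a given store (assumption; tune per environment).
BENIGN_OWNERS = {
    "browser-credential-store": {"chrome.exe", "msedge.exe", "firefox.exe"},
    "installed-software-enum": {"msiexec.exe", "explorer.exe"},
}

# Constructed host telemetry, not from the sandbox run: (process, kind, target).
EVENTS = [
    ("sample.exe", "file", r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("sample.exe", "file", r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\abcd.default\logins.json"),
    ("sample.exe", "file", r"C:\Users\u\AppData\Roaming\FileZilla\sitemanager.xml"),
    ("sample.exe", "registry", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"),
    ("sample.exe", "registry", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}\DisplayName"),
    ("msiexec.exe", "registry", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    ("chrome.exe", "file", r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("notepad.exe", "file", r"C:\Users\u\Documents\notes.txt"),
]


def classify(events):
    """Map each process to the set of signature categories its accesses match,
    skipping a store's legitimate owner. Processes with no hits are omitted."""
    out = defaultdict(set)
    for proc, kind, target in events:
        for name, rule_kind, rx in RULES:
            if rule_kind != kind or not rx.search(target):
                continue
            if proc.lower() in BENIGN_OWNERS.get(name, set()):
                continue
            out[proc].add(name)
    return dict(out)


def pony_like(events, min_categories=3):
    """Processes whose accesses span at least min_categories distinct categories.
    A single category is common for legitimate software; the stealer profile in
    this report is the breadth, so the threshold is on category count, not hits."""
    return sorted(p for p, cats in classify(events).items() if len(cats) >= min_categories)


if __name__ == "__main__":
    for proc, cats in classify(EVENTS).items():
        print(proc, sorted(cats))
    print("stealer-like:", pony_like(EVENTS))
```

The threshold is the design point: any one of these reads has a benign explanation (an installer enumerating Uninstall, a backup agent copying a profile), but a single non-browser, non-installer process hitting browser stores, an FTP client's site list, Outlook's profile keys and the software inventory within the same run is the behaviour the four signatures above describe.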