General
-
Target
ee76d731fbe00fb0972b9a056410748f_JaffaCakes118
-
Size
129KB
-
Sample
240920-1e2s7syhja
-
MD5
ee76d731fbe00fb0972b9a056410748f
-
SHA1
ef260b71a09132fbd7c508adfef6aa9da449d049
-
SHA256
babc8ad58da552a4684275f4bbf8c859b8f21e165c7ffad2c94a5dfe44c29cc6
-
SHA512
3383045dd472e61ee69d420dd7614909c310bfe0447c6a973e6ebc05fdf84f27d6da3b7172450be3a9a319ac7165b066591b860208aeb3f6c857cbe0e9e10cca
-
SSDEEP
1536:UUBiFqtXmPmgC9vcALxqfzNf1mMsOmXFvS6BH8PoIcQKw/0i3JGHjYpr8YC6ZK99:UOn16mg2vRsfdDJKq6J8dlGDIYzx+
Malware Config
Extracted
pony
http://67.215.225.205:8080/forum/viewtopic.php
http://69.194.192.234/forum/viewtopic.php
-
payload_url
http://ftp.approachit.com/jZy.exe
http://atualizacoes.issqn.net/FhPD.exe
http://tokulances.sitebr.net/jV1.exe
Targets
-
-
Target
ee76d731fbe00fb0972b9a056410748f_JaffaCakes118
-
Size
129KB
-
MD5
ee76d731fbe00fb0972b9a056410748f
-
SHA1
ef260b71a09132fbd7c508adfef6aa9da449d049
-
SHA256
babc8ad58da552a4684275f4bbf8c859b8f21e165c7ffad2c94a5dfe44c29cc6
-
SHA512
3383045dd472e61ee69d420dd7614909c310bfe0447c6a973e6ebc05fdf84f27d6da3b7172450be3a9a319ac7165b066591b860208aeb3f6c857cbe0e9e10cca
-
SSDEEP
1536:UUBiFqtXmPmgC9vcALxqfzNf1mMsOmXFvS6BH8PoIcQKw/0i3JGHjYpr8YC6ZK99:UOn16mg2vRsfdDJKq6J8dlGDIYzx+
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-