General
Target: eccc571ef0ea70c317650d7d020031ad_JaffaCakes118
Size: 128KB
Sample: 240920-ehs5ksxcqf
MD5: eccc571ef0ea70c317650d7d020031ad
SHA1: 91f0aa1a6d7f3532578eea7e069e3f7bbc3217e5
SHA256: dc59bae2495576c6a06ade9c1576da9b572093d131a269b3aae6a6d059d32046
SHA512: a18f069851ad3c4c012a8505324c6f5c94029165a958672e2d94a2ccdc70063122fa7e1e483ca7708d20cbd850bced99d74981ae6cc38b23e649b1727b58b01c
SSDEEP: 1536:FhwDXDn0+jszCLl58gFol7hEMeeuxr9k++ntgt3qZKh5vH6hISQNLaS:FODXDnI8H8g2lN8RJCBntgMZQShS
Static task: static1
Behavioral task: behavioral1
  Sample: eccc571ef0ea70c317650d7d020031ad_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: eccc571ef0ea70c317650d7d020031ad_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted: pony
  http://50.116.54.37/forum/viewtopic.php
  http://209.59.222.174/forum/viewtopic.php
payload_url:
  http://sprinksys.com/kWWCPfd.exe
  http://planenrs.com.br/yYXQ.exe
  http://www.fahrsicherheit-cardrive.de/ZGg.exe
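The extracted configuration above used as hunting input: an added example, not the sandbox's output and not code from the sample. It normalises the listed URLs to host and path and scans constructed proxy log lines for them. The report keys only the second group as payload_url; treating the two /forum/viewtopic.php URLs as Pony's gate (C2) and expecting the upload to that gate to be an HTTP POST are assumptions drawn from Pony's usual configuration layout, not facts the report states. The log format is constructed as well.

```python
"""Hunt for the Pony gate and payload URLs extracted in this report.

Added example for this report: not the sandbox's output and not code from the
sample. Assumptions: the two /forum/viewtopic.php URLs are the Pony gate (the
report lists them without a key), the credential upload to the gate is an
HTTP POST, and the proxy log is a constructed 'client method url status' text.
"""
from typing import Dict, Iterable, Iterator, Optional, Tuple
from urllib.parse import urlsplit

# URLs copied from the extracted config above.
PONY_C2 = [
    "http://50.116.54.37/forum/viewtopic.php",
    "http://209.59.222.174/forum/viewtopic.php",
]
PONY_PAYLOAD_URLS = [
    "http://sprinksys.com/kWWCPfd.exe",
    "http://planenrs.com.br/yYXQ.exe",
    "http://www.fahrsicherheit-cardrive.de/ZGg.exe",
]


def url_key(url: str) -> Tuple[str, str]:
    """Reduce a URL to (host, path): scheme, port, host case and any query
    string are ignored, so a stager that appends parameters still matches."""
    parts = urlsplit(url.strip())
    return (parts.hostname or "").lower(), parts.path or "/"


IOC_INDEX: Dict[Tuple[str, str], str] = {url_key(u): "pony_c2" for u in PONY_C2}
IOC_INDEX.update({url_key(u): "pony_payload" for u in PONY_PAYLOAD_URLS})


def classify_request(method: str, url: str) -> Optional[str]:
    """Return the IOC class a request hits, or None.

    A POST to the gate is the credential upload itself. A GET to the gate
    path is still a hit on this infrastructure but is labelled separately,
    because it is not what Pony's upload looks like (analyst browsing,
    scanner traffic, or another tool pointed at the same host)."""
    hit = IOC_INDEX.get(url_key(url))
    if hit is None:
        return None
    if hit == "pony_c2" and method.upper() != "POST":
        return "pony_c2_unexpected_method"
    return hit


def scan_proxy_log(lines: Iterable[str]) -> Iterator[Tuple[str, str, str]]:
    """Yield (client, url, ioc_class) for each matching log line."""
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: skip rather than guess
        client, method, url = fields[0], fields[1], fields[2]
        verdict = classify_request(method, url)
        if verdict is not None:
            yield client, url, verdict


# Constructed log lines: a benign request, the exfil POST, a payload fetch,
# a GET to the second gate with a query string, and an unrelated site that
# happens to serve the same forum path.
SAMPLE_LOG = """\
10.0.0.15 GET http://intranet.example/index.html 200
10.0.0.23 POST http://50.116.54.37/forum/viewtopic.php 200
10.0.0.23 GET http://sprinksys.com/kWWCPfd.exe 200
10.0.0.23 GET http://209.59.222.174/forum/viewtopic.php?x=1 404
10.0.0.31 GET http://www.example.com/forum/viewtopic.php 200
""".splitlines()

if __name__ == "__main__":
    for client, url, verdict in scan_proxy_log(SAMPLE_LOG):
        print(f"{client} {verdict} {url}")
```

Matching on host plus path is deliberate: the path /forum/viewtopic.php alone is a common phpBB URL and would produce false positives, while the two gate IPs and the three payload hosts are also worth blocking at the DNS or firewall level independently of this log check.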
Targets
Target: eccc571ef0ea70c317650d7d020031ad_JaffaCakes118
Size: 128KB
MD5: eccc571ef0ea70c317650d7d020031ad
SHA1: 91f0aa1a6d7f3532578eea7e069e3f7bbc3217e5
SHA256: dc59bae2495576c6a06ade9c1576da9b572093d131a269b3aae6a6d059d32046
SHA512: a18f069851ad3c4c012a8505324c6f5c94029165a958672e2d94a2ccdc70063122fa7e1e483ca7708d20cbd850bced99d74981ae6cc38b23e649b1727b58b01c
SSDEEP: 1536:FhwDXDn0+jszCLl58gFol7hEMeeuxr9k++ntgt3qZKh5vH6hISQNLaS:FODXDnI8H8g2lN8RJCBntgMZQShS
Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, a web browser credential store.
Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
Accesses Microsoft Outlook accounts
Accesses Microsoft Outlook profiles
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
Suspicious use of SetThreadContext
  Rewriting another thread's execution context is a common step in process hollowing and thread-hijacking injection; the report does not state which of these the sample performs.
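The behavioural signatures listed for this target, replayed as detection logic over a host event trace: an added example, not the sandbox's signature engine and not code from the sample. The event records are constructed; the file and registry locations are the well-known stores each signature refers to (Chromium's "Login Data", Firefox's logins.json and key3.db/key4.db, Outlook profiles and the account-manager subkey under HKCU, the Uninstall key). Using FileZilla's sitemanager.xml as the "credentials in files" case, the threshold of five Uninstall subkeys, and the target_pid field on the API event are this example's assumptions.

```python
"""Replay this report's behavioural signatures against a host event trace.

Added example: not the sandbox's signature engine and not code from the
sample. Events are constructed dicts with a 'type' of file, registry or api.
Assumptions: FileZilla's sitemanager.xml stands in for 'credentials in
files', five distinct Uninstall subkeys separates enumeration from a single
lookup, and api events carry a target_pid so cross-process use is visible.
"""
import re
from collections import defaultdict
from typing import Dict, List, Set

Event = Dict[str, str]

# Well-known browser credential stores (Chromium, Firefox).
BROWSER_CRED_FILES = re.compile(r"\\(Login Data|logins\.json|key[34]\.db)$", re.I)
# Plaintext/obfuscated credential files; FileZilla chosen as the example (assumption).
CRED_FILES = re.compile(r"\\(sitemanager\.xml|recentservers\.xml)$", re.I)
# Outlook profile roots (Office hive and the older Windows Messaging Subsystem hive).
OUTLOOK_PROFILE = re.compile(r"\\Outlook\\Profiles\\|\\Windows Messaging Subsystem\\Profiles\\", re.I)
# The account-manager subkey inside a profile, where individual accounts live.
OUTLOOK_ACCOUNT = re.compile(r"\\Profiles\\[^\\]+\\9375CFF0413111d3B88A00104B2A6676(\\|$)", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)", re.I)
UNINSTALL_MIN_SUBKEYS = 5


def match_signatures(events: List[Event]) -> Dict[str, List[Event]]:
    """Map each signature name from the report to the events that trigger it."""
    hits: Dict[str, List[Event]] = defaultdict(list)
    uninstall_subkeys: Dict[str, Set[str]] = defaultdict(set)
    for ev in events:
        kind = ev["type"]
        if kind == "file":
            if BROWSER_CRED_FILES.search(ev["path"]):
                hits["Credentials from Web Browsers"].append(ev)
            elif CRED_FILES.search(ev["path"]):
                hits["Credentials In Files"].append(ev)
        elif kind == "registry":
            key = ev["key"]
            if OUTLOOK_ACCOUNT.search(key):
                hits["Accesses Microsoft Outlook accounts"].append(ev)
            elif OUTLOOK_PROFILE.search(key):
                hits["Accesses Microsoft Outlook profiles"].append(ev)
            else:
                m = UNINSTALL_KEY.search(key)
                if m:
                    uninstall_subkeys[ev["pid"]].add(m.group(1).lower())
        elif kind == "api" and ev["api"] == "SetThreadContext":
            # Rewriting a thread's context in another process is the hollowing /
            # hijack pattern; a process adjusting its own threads is not flagged.
            if ev.get("target_pid") != ev["pid"]:
                hits["Suspicious use of SetThreadContext"].append(ev)
    # One Uninstall lookup is ordinary; a sweep across many subkeys is enumeration.
    for pid, subkeys in uninstall_subkeys.items():
        if len(subkeys) >= UNINSTALL_MIN_SUBKEYS:
            hits["Checks installed software on the system"].append(
                {"type": "summary", "pid": pid, "subkeys": str(len(subkeys))}
            )
    return dict(hits)


# Constructed trace: pid 1337 behaves like the sample, pid 4242 is benign noise.
SAMPLE_EVENTS: List[Event] = [
    {"type": "file", "pid": "1337", "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file", "pid": "1337", "path": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json"},
    {"type": "file", "pid": "1337", "path": r"C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"type": "file", "pid": "1337", "path": r"C:\Users\alice\Documents\notes.txt"},
    {"type": "registry", "pid": "1337", "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"type": "registry", "pid": "1337", "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002"},
    {"type": "registry", "pid": "4242", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App0"},
    {"type": "api", "pid": "1337", "api": "SetThreadContext", "target_pid": "2001"},
    {"type": "api", "pid": "4242", "api": "SetThreadContext", "target_pid": "4242"},
] + [
    {"type": "registry", "pid": "1337",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App" + str(i)}
    for i in range(6)
]

if __name__ == "__main__":
    for name, evs in match_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: {len(evs)} event(s)")
```

The per-process threshold on the Uninstall key is the part worth tuning: installers, inventory agents and Windows itself read individual subkeys constantly, and the signature only becomes meaningful when one process walks many of them in a short window.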