General
- Target: ed25e9d5564a50f254a3c1874489f8ab_JaffaCakes118
- Size: 114KB
- Sample: 240920-jsglrawglj
- MD5: ed25e9d5564a50f254a3c1874489f8ab
- SHA1: 46d6543c07b9ea75b4549125cbd44ac3adf7a8f9
- SHA256: 81527d7cf34b47fc1d671d479f3b05e4613d1bb337e53387bc4401b6152316d5
- SHA512: 96741e913732cbed393a6f281fcff5486b1dff8df294b80a11b2e0b6422ea9051efcecca96ea506ef10e96f570a3125a7a41ce6450d16ddd56165b62f7f26e64
- SSDEEP: 3072:/XAtWYKBlVaMGYhLUw8Ytgu/so6mo4+sJpYO9:fAoYKXVasxUwKohH
Static task
- static1
Behavioral task
- behavioral1
  - Sample: ed25e9d5564a50f254a3c1874489f8ab_JaffaCakes118.exe
  - Resource: win7-20240903-en
Behavioral task
- behavioral2
  - Sample: ed25e9d5564a50f254a3c1874489f8ab_JaffaCakes118.exe
  - Resource: win10v2004-20240802-en
Malware Config
Extracted
- pony
  http://searceapps.com:8080/pony/gate.php
- payload_url:
  http://www.hipermak.com.tr/EFepvrwR/oGXyM.exe
  http://caoepesca.com.br/UsYPhTQk/bb1.exe
  http://hal9000.ehost-services142.com/N53S3poG/HYimEh7.exe
Targets
- Target: ed25e9d5564a50f254a3c1874489f8ab_JaffaCakes118 (114KB; hashes as listed under General)
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copy of, a web browser credential store.
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext