General
-
Target
ee3b484473eade906fa4d70aa9e30510_JaffaCakes118
-
Size
151KB
-
Sample
240920-xmdjsssekj
-
MD5
ee3b484473eade906fa4d70aa9e30510
-
SHA1
7f98f5994716be9c7752085bf5af54e4e47bf87a
-
SHA256
44ca2e78a11d2e1f992d78ba635a6444f84f39e85b6558fe7462f7b4537e89aa
-
SHA512
381071af71afb0b580f019c9188427ec9cb100bdf3f77170309771b4eea78d1470b32f2607754ba331140ed9d90909b052f1941caa303d2b5b6b6d4e34e6172f
-
SSDEEP
3072:pK7pS4GXhfwuq9O8y+FG53ZDw+EGzDS/1GTaDZT8WWxDgc2UVbAnA9LcanJL0G6T:EkuZ+kBGC/7b6FYP
Malware Config
Extracted
pony
http://67.215.225.205:8080/forum/viewtopic.php
http://216.231.139.111/forum/viewtopic.php
-
payload_url
http://acwebnet.com/cueT50r.exe
http://grandfoolsderby.com/k3Jz2.exe
http://www.fahrsicherheit-cardrive.de/ZGg.exe
Targets
-
-
Target
ee3b484473eade906fa4d70aa9e30510_JaffaCakes118
-
Size
151KB
-
MD5
ee3b484473eade906fa4d70aa9e30510
-
SHA1
7f98f5994716be9c7752085bf5af54e4e47bf87a
-
SHA256
44ca2e78a11d2e1f992d78ba635a6444f84f39e85b6558fe7462f7b4537e89aa
-
SHA512
381071af71afb0b580f019c9188427ec9cb100bdf3f77170309771b4eea78d1470b32f2607754ba331140ed9d90909b052f1941caa303d2b5b6b6d4e34e6172f
-
SSDEEP
3072:pK7pS4GXhfwuq9O8y+FG53ZDw+EGzDS/1GTaDZT8WWxDgc2UVbAnA9LcanJL0G6T:EkuZ+kBGC/7b6FYP
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-