General
-
Target
eef4f061469e3df5384584987db4d16f_JaffaCakes118
-
Size
172KB
-
Sample
240921-dlh84sscqr
-
MD5
eef4f061469e3df5384584987db4d16f
-
SHA1
3beb5ef06daa5ef1dc3fb6ed98808c117852c31f
-
SHA256
2fcbd87058195094635c6f9c914c259ec7e81b14b5ca0e793d7e89411f545053
-
SHA512
6afbf4fa7e6b40af8513ce5d3ffa0245c7114fa0f7543c2fcc256d5c386f77c9880b796f34a4f946ec8e938fd77f48a810e478a98f3d30acae37a01d636ec0af
-
SSDEEP
3072:0pXwGnhV1v7/99ZYKsy16O/4KZh+3EOW3aoDrBsKceXL:jg9T9HY81/hZQUOMaoDdsKp
Malware Config
Extracted
pony
http://108.166.65.182:8080/pony/gate.php
http://aloucakbileti.com:8080/pony/gate.php
-
payload_url
http://referti.girlandoeparavizzini.com/hdMwZDqk/x7z.exe
http://akradugunsalonlari.com/k0g2Cgr9/nn4hWpH.exe
Targets
-
-
Target
eef4f061469e3df5384584987db4d16f_JaffaCakes118
-
Size
172KB
-
MD5
eef4f061469e3df5384584987db4d16f
-
SHA1
3beb5ef06daa5ef1dc3fb6ed98808c117852c31f
-
SHA256
2fcbd87058195094635c6f9c914c259ec7e81b14b5ca0e793d7e89411f545053
-
SHA512
6afbf4fa7e6b40af8513ce5d3ffa0245c7114fa0f7543c2fcc256d5c386f77c9880b796f34a4f946ec8e938fd77f48a810e478a98f3d30acae37a01d636ec0af
-
SSDEEP
3072:0pXwGnhV1v7/99ZYKsy16O/4KZh+3EOW3aoDrBsKceXL:jg9T9HY81/hZQUOMaoDdsKp
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-