General
-
Target
efdf4a8025436bcf21900e8cf6987c7c_JaffaCakes118
-
Size
44KB
-
Sample
240921-qg34yateqa
-
MD5
efdf4a8025436bcf21900e8cf6987c7c
-
SHA1
c10269401a4f2f9318848d262fd4492cf72abb78
-
SHA256
a12ce4ab99872c678b4cc663a88c8e8fad800e2ff4ee8151cae547ccc477520a
-
SHA512
1807349181a4d61585d1ff2d5d8ec627890676c15cfbe0d72aac0cca6954e38717bc115d4ed7914db43bd26ac656b19e76f07f5abbd5990fcf60d16b428003e6
-
SSDEEP
768:iSDMqQyzyQ2TseidLB9UB6ntMsoEMxTfORTZ3oX9vHd3VXbEr3XPmWTDX8/XZN4Y:VDMqVzyQRhd1HVMR83oX9v9AXuWH8/Xn
Malware Config
Targets
-
-
Target
efdf4a8025436bcf21900e8cf6987c7c_JaffaCakes118
-
Size
44KB
-
MD5
efdf4a8025436bcf21900e8cf6987c7c
-
SHA1
c10269401a4f2f9318848d262fd4492cf72abb78
-
SHA256
a12ce4ab99872c678b4cc663a88c8e8fad800e2ff4ee8151cae547ccc477520a
-
SHA512
1807349181a4d61585d1ff2d5d8ec627890676c15cfbe0d72aac0cca6954e38717bc115d4ed7914db43bd26ac656b19e76f07f5abbd5990fcf60d16b428003e6
-
SSDEEP
768:iSDMqQyzyQ2TseidLB9UB6ntMsoEMxTfORTZ3oX9vHd3VXbEr3XPmWTDX8/XZN4Y:VDMqVzyQRhd1HVMR83oX9v9AXuWH8/Xn
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-