General
-
Target
f20b50690cf973ff33280b734ff27c1d_JaffaCakes118
-
Size
93KB
-
Sample
240922-pxc21szfjk
-
MD5
f20b50690cf973ff33280b734ff27c1d
-
SHA1
bc0eb281f4922113930e9f7949a944af5babad3d
-
SHA256
3b432d0b1c93f3c7487015f460b2f8cd4842e3d83e9bc154751b8c7594b3ebc4
-
SHA512
61b2831a9199d641fc890fb5f80b7319117154885886a28d3ee619459b6cd0055e171f778f224aad9e7740559ac5df83cbeb6063ebefc39d3d72b67f4eb6b5a2
-
SSDEEP
1536:WUfcESbaNk90LHVzRHAJU8ugJA1A44jcjTXPXp+hKX6AtknBaD2:WUrNk90bIv/zMTXPXNta1
Static task
static1
Behavioral task
behavioral1
Sample
f20b50690cf973ff33280b734ff27c1d_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
f20b50690cf973ff33280b734ff27c1d_JaffaCakes118
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-