General
-
Target
f32a51f96e7f558218bb6ca5a25f7180_JaffaCakes118
-
Size
328KB
-
Sample
240924-jq3q7swfmn
-
MD5
f32a51f96e7f558218bb6ca5a25f7180
-
SHA1
553d7ccaec73dbe70303865a3f540ca27c6ca39c
-
SHA256
7eafa4e015e3390cd61f2217ed4cf798d8f66bd3f35b43fe7be050b5175985e5
-
SHA512
38d2f78806435b4a796860d5007e751dc8246e75e58e7f4110205e34be8816e600980f03030bf2ae679f4554a97ef7b7227a0426f0d0727bf38e0d3012c5bc7a
-
SSDEEP
3072:pM7vlDCfjJfYaYyXOHZMdFiyBlbw26J7aDHM4f3rg4v+8IgzCysfZq:YsJQOX4MLzkvJ7aDHM4fUUCysfZ
Malware Config
Extracted
pony
http://untolds.flu.cc/xzgeni3/gate.php
Targets
-
-
Target
f32a51f96e7f558218bb6ca5a25f7180_JaffaCakes118
-
Size
328KB
-
MD5
f32a51f96e7f558218bb6ca5a25f7180
-
SHA1
553d7ccaec73dbe70303865a3f540ca27c6ca39c
-
SHA256
7eafa4e015e3390cd61f2217ed4cf798d8f66bd3f35b43fe7be050b5175985e5
-
SHA512
38d2f78806435b4a796860d5007e751dc8246e75e58e7f4110205e34be8816e600980f03030bf2ae679f4554a97ef7b7227a0426f0d0727bf38e0d3012c5bc7a
-
SSDEEP
3072:pM7vlDCfjJfYaYyXOHZMdFiyBlbw26J7aDHM4f3rg4v+8IgzCysfZq:YsJQOX4MLzkvJ7aDHM4fUUCysfZ
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-