General

- Target: f463722fab311a46e0cb875458607dcb_JaffaCakes118
- Size: 290KB
- Sample: 240924-yksflsvfpb
- MD5: f463722fab311a46e0cb875458607dcb
- SHA1: 0d602a490199df349d29e6e13a961e479ee0a171
- SHA256: 779da80d5b797f118de033b3db9c0fe8f3a16f357b50738d51400cb20aae7b0b
- SHA512: bf6c573e20ca24cc119657763919269a906bf93dd2925b7c2bc7076953005034d9b78d9949686cdb304b7a71a07a31856fd4baa8904e3eab98135336b9eb1b43
- SSDEEP: 6144:ovGA+kCU5USU2/n2DiVNQTclOlfJ5KC11aHR8U8jA7BZ:o+A+kZ3/n2DikTD357fcRe
Static task: static1

Behavioral task: behavioral1
- Sample: f463722fab311a46e0cb875458607dcb_JaffaCakes118.exe
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: f463722fab311a46e0cb875458607dcb_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
Malware Config

Extracted
- Family: pony
- C2 (gate): http://gbcad.com.br/temp/panel/gate.php
- payload_url: http://gbcad.com.br/temp/panel/shit.exe
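The practical use of an extracted config is hunting: the C2 gate and the second-stage download URL above are the network IOCs a defender would sweep proxy logs for, and the hashes under General are what a responder checks a recovered file against. The following script is an added example, not part of the sandbox report. It takes the URLs and hashes exactly as the report lists them; the proxy log lines and the log format are constructed for illustration and are not real traffic.

```python
"""Hunt for the extracted Pony IOCs in proxy logs and verify a sample's hashes.

Added example (not part of the sandbox report). The proxy log lines are
constructed for illustration; the URLs and hashes are the ones the report lists.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Extracted config and sample hashes, copied from the report.
PONY_CONFIG = {
    "family": "pony",
    "c2": ["http://gbcad.com.br/temp/panel/gate.php"],
    "payload_url": ["http://gbcad.com.br/temp/panel/shit.exe"],
}
SAMPLE_HASHES = {
    "md5": "f463722fab311a46e0cb875458607dcb",
    "sha1": "0d602a490199df349d29e6e13a961e479ee0a171",
    "sha256": "779da80d5b797f118de033b3db9c0fe8f3a16f357b50738d51400cb20aae7b0b",
}


def config_to_iocs(config):
    """Map each (host, path) in the config to its role, and collect the hosts.

    Matching on host+path rather than the full URL string means a request
    with a query string or a different scheme/port still matches.
    """
    roles = {}
    for role in ("c2", "payload_url"):
        for url in config[role]:
            parts = urlsplit(url)
            roles[(parts.hostname.lower(), parts.path)] = role
    hosts = {host for host, _ in roles}
    return hosts, roles


# Constructed proxy log (timestamp, client, method, URL, status), not real traffic.
CONSTRUCTED_PROXY_LOG = """\
1727190001 10.0.0.15 GET http://www.example.com/index.html 200
1727190007 10.0.0.15 POST http://gbcad.com.br/temp/panel/gate.php 200
1727190012 10.0.0.15 GET http://gbcad.com.br/temp/panel/shit.exe 200
1727190020 10.0.0.22 GET http://gbcad.com.br/ 200
1727190031 10.0.0.40 GET http://cdn.example.net/lib.js 304
"""

LOG_RE = re.compile(
    r"^(?P<ts>\d+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)


def hunt_proxy_log(log_text, config=PONY_CONFIG):
    """Return a finding for every log line that touches a configured host.

    kind is "c2" for the gate, "payload_url" for the second-stage download and
    "host-only" for any other request to the same host (still worth a look:
    the host may be attacker-controlled or a compromised legitimate site).
    """
    hosts, roles = config_to_iocs(config)
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["url"])
        host = (parts.hostname or "").lower()
        if host not in hosts:
            continue
        findings.append({
            "ts": int(m["ts"]),
            "client": m["client"],
            "method": m["method"],
            "kind": roles.get((host, parts.path), "host-only"),
            "url": m["url"],
        })
    return findings


def file_hashes(data):
    """Compute the three hashes the report lists for a byte string."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data, expected=SAMPLE_HASHES):
    """True only if every listed hash agrees; one mismatch means a different file."""
    got = file_hashes(data)
    return all(got[name] == value for name, value in expected.items())


if __name__ == "__main__":
    for f in hunt_proxy_log(CONSTRUCTED_PROXY_LOG):
        print(f"{f['ts']} {f['client']} {f['kind']:<12} {f['method']} {f['url']}")
    print("sample hashes match report:", matches_report(b"not the real sample"))
```

Matching on host and path rather than the literal URL is deliberate: a beacon with a query string appended, or the same gate reached over a different port, should not slip past the check. Requests to the host that hit neither known path are reported separately so they can be triaged rather than dropped.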
Targets

- Target: f463722fab311a46e0cb875458607dcb_JaffaCakes118 (290KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence check)
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files (steals credentials from unsecured files)
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system (looks up Uninstall key entries in the registry to enumerate the software installed on the system)
- Suspicious use of SetThreadContext
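The last signature is worth understanding rather than just reading. SetThreadContext on a thread of another process is the step that redirects a suspended child's execution to injected code, which is why sandboxes flag it; on its own it is only a hint, and the convincing evidence is the full sequence CreateProcess with CREATE_SUSPENDED, WriteProcessMemory into that child, SetThreadContext on its primary thread, then ResumeThread. The script below is an added example and not part of the report; it implements that sequence check over an API trace. The trace format (caller pid, API name, key=value arguments) and the trace lines are constructed to resemble a sandbox API log and are not the sample's real trace.

```python
"""Flag the process-hollowing API sequence in a per-process API trace.

Added example, not from the report. Looks for
CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext ->
ResumeThread on the same child process. The trace format and lines are
constructed to resemble a sandbox API log; they are not the sample's real trace.
"""
import re

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit in CreateProcess

# Constructed trace lines: "<caller pid>\t<api>\t<key=value ...>"
CONSTRUCTED_TRACE = """\
1234\tCreateProcessW\tpath=C:\\Windows\\System32\\svchost.exe flags=0x4 newpid=2222 tid=2223
1234\tNtUnmapViewOfSection\tpid=2222 base=0x400000
1234\tWriteProcessMemory\tpid=2222 base=0x400000 size=0x3000
1234\tWriteProcessMemory\tpid=2222 base=0x403000 size=0x2000
1234\tSetThreadContext\ttid=2223
1234\tResumeThread\ttid=2223
1234\tCreateProcessW\tpath=C:\\Windows\\System32\\notepad.exe flags=0x0 newpid=3333 tid=3334
1234\tSetThreadContext\ttid=3334
"""

LINE_RE = re.compile(r"^(?P<pid>\d+)\t(?P<api>\w+)\t(?P<args>.*)$")


def parse_trace(trace_text):
    """Yield (caller_pid, api, args_dict) for each well-formed line."""
    for line in trace_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        args = dict(kv.split("=", 1) for kv in m["args"].split())
        yield m["pid"], m["api"], args


def detect_hollowing(trace_text):
    """Return one alert per child process that went through the whole sequence.

    Order matters: at least one write into the child before SetThreadContext,
    and a ResumeThread after it. A suspended child that is simply resumed, or a
    SetThreadContext with no prior write into that child, does not alert.
    """
    children = {}     # child pid -> state
    tid_to_pid = {}   # primary thread id -> child pid
    for caller, api, args in parse_trace(trace_text):
        if api in ("CreateProcessA", "CreateProcessW"):
            flags = int(args.get("flags", "0"), 16)
            tid_to_pid[args["tid"]] = args["newpid"]
            children[args["newpid"]] = {
                "parent": caller,
                "path": args["path"],
                "suspended": bool(flags & CREATE_SUSPENDED),
                "writes": 0,
                "context_set": False,
                "resumed_after_context": False,
            }
        elif api == "WriteProcessMemory" and args.get("pid") in children:
            children[args["pid"]]["writes"] += 1
        elif api == "SetThreadContext" and args.get("tid") in tid_to_pid:
            st = children[tid_to_pid[args["tid"]]]
            if st["writes"]:
                st["context_set"] = True
        elif api == "ResumeThread" and args.get("tid") in tid_to_pid:
            st = children[tid_to_pid[args["tid"]]]
            if st["context_set"]:
                st["resumed_after_context"] = True

    return [
        {"parent": st["parent"], "child": pid, "path": st["path"], "writes": st["writes"]}
        for pid, st in children.items()
        if st["suspended"] and st["resumed_after_context"]
    ]


if __name__ == "__main__":
    for a in detect_hollowing(CONSTRUCTED_TRACE):
        print(f"hollowing: pid {a['parent']} -> {a['child']} ({a['path']}), {a['writes']} writes")
```

The second child in the constructed trace is created without CREATE_SUSPENDED and receives a SetThreadContext with no preceding write, so it is not reported; that is the difference between the single-API hint the sandbox signature gives and a sequence a responder can act on.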