General
-
Target
f61516fa84aa096362df55d41dfb96cc_JaffaCakes118
-
Size
92KB
-
Sample
240925-qdgfrszfpa
-
MD5
f61516fa84aa096362df55d41dfb96cc
-
SHA1
45cd922c4f79533e0ae9214194cad34a5140d11a
-
SHA256
251a00c828bf67ddc2560fe6d5e30833071f373eccb11931ca072328aca9d3c0
-
SHA512
2dbced7c93bd626a312df7119c898e0ebe8592e6a4d90fca8ab01f7941e3cfd2e0317e5e116400697b925980e11f48161df75adf474b34fcdf5e53fc329a700f
-
SSDEEP
1536:3RZdPSMAO8CTbG5WDBcnML67ZmrZ+QEs0DABt7UdT+RoW8NKRwXzui46rtelcF:BzPPAO80bSWCnMmIFEEqAoyoyAt5
Malware Config
Targets
-
-
Target
f61516fa84aa096362df55d41dfb96cc_JaffaCakes118
-
Size
92KB
-
MD5
f61516fa84aa096362df55d41dfb96cc
-
SHA1
45cd922c4f79533e0ae9214194cad34a5140d11a
-
SHA256
251a00c828bf67ddc2560fe6d5e30833071f373eccb11931ca072328aca9d3c0
-
SHA512
2dbced7c93bd626a312df7119c898e0ebe8592e6a4d90fca8ab01f7941e3cfd2e0317e5e116400697b925980e11f48161df75adf474b34fcdf5e53fc329a700f
-
SSDEEP
1536:3RZdPSMAO8CTbG5WDBcnML67ZmrZ+QEs0DABt7UdT+RoW8NKRwXzui46rtelcF:BzPPAO80bSWCnMmIFEEqAoyoyAt5
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-