General

Target: 02bbf12b26e34473e3ed3281a135fb01_JaffaCakes118
Size: 99KB
Sample: 240930-w7glhszblk
MD5: 02bbf12b26e34473e3ed3281a135fb01
SHA1: d94684a48336b2e0a726efff8494f95f11552911
SHA256: 978e1e41caf6dad8aa332731111b7c001da43426eef24b8637b52eeea77f08f0
SHA512: 943808ffa3b47f154d3a61d44feac884bc3206ffaf4cefcbf60857b1ba48279fba578ce1e02b0d1698d158042ef4148b582c3e0959c043c2cb811174e6d81176
SSDEEP: 3072:u8GFDVY1qfQveFZipuNE2OdOlY4txf76Ajev2:Kk1qIve6puNE2OdcRxf7O
Static task: static1
Behavioral task: behavioral1
  Sample: 02bbf12b26e34473e3ed3281a135fb01_JaffaCakes118.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: 02bbf12b26e34473e3ed3281a135fb01_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config

Extracted family: pony
C2: http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php
Targets

Target: 02bbf12b26e34473e3ed3281a135fb01_JaffaCakes118
Size: 99KB
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself.
- Unsecured Credentials: Credentials In Files (MITRE ATT&CK T1552.001): steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts.
- Accesses Microsoft Outlook profiles.
- Accesses cryptocurrency files/wallets, possible credential harvesting.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
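As an added example (not code from the sandbox or from this report), the Python below maps host telemetry onto the behaviour list above so the same profile can be hunted for outside the sandbox. The only indicator taken from the page is the extracted Pony C2 URL; the registry keys, wallet file names and the "pid|image|event|target" log format are assumptions chosen to mirror the report's signatures, and the telemetry lines are constructed.

```python
"""Classify host telemetry against the behaviours this report lists for
the Pony sample.  Added example, not code from the sandbox or the page.

Assumptions (not stated on the page): the registry keys and file names
below are the usual locations behind each signature, and the log format
is a constructed "pid|image|event|target" line, not any real tool's output.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# The only IOC the report provides: the URL from the extracted Pony config.
PONY_C2 = "http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php"

# Registry key -> report signature.  Assumed mapping to well-known keys.
REGISTRY_RULES = [
    (re.compile(r"\\Control Panel\\International(\\|$)", re.I),
     "Checks computer location settings"),
    (re.compile(r"\\Office\\Outlook\\OMI Account Manager\\Accounts", re.I),
     "Accesses Microsoft Outlook accounts"),
    (re.compile(r"\\Windows Messaging Subsystem\\Profiles\\", re.I),
     "Accesses Microsoft Outlook profiles"),
    (re.compile(r"\\Office\\\d+\.\d\\Outlook\\Profiles\\", re.I),
     "Accesses Microsoft Outlook profiles"),
    (re.compile(r"\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I),
     "Checks installed software on the system"),
]

# Wallet files read by Pony-style stealers (assumed list, not from the page).
WALLET_FILE = re.compile(r"\\(wallet\.dat|electrum\.dat|multibit\.wallet)$", re.I)


def c2_match(url):
    """Return "url" for the exact extracted C2, "host" for the same server
    with another path (Pony gates are per-campaign .php paths), else None."""
    seen, known = urlparse(url), urlparse(PONY_C2)
    if seen.hostname != known.hostname:
        return None
    return "url" if seen.path == known.path else "host"


def classify_event(image, event, target):
    """Map one telemetry event to a signature name from the report, or None."""
    if event == "reg_query":
        for rule, name in REGISTRY_RULES:
            if rule.search(target):
                return name
    elif event == "file_read" and WALLET_FILE.search(target):
        return "Accesses cryptocurrency files/wallets"
    elif event == "file_delete" and target.lower() == image.lower():
        # The process removing its own image file is the self-deletion signature.
        return "Deletes itself"
    elif event == "http_post" and c2_match(target):
        return "Contacts extracted Pony C2 (%s match)" % c2_match(target)
    return None


def scan_log(lines):
    """Count report signatures per process image over 'pid|image|event|target' lines."""
    hits = Counter()
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pid, image, event, target = line.split("|", 3)
        name = classify_event(image, event, target)
        if name:
            hits[(image, name)] += 1
    return hits


# Constructed telemetry, modelled on the report's signature list.
SAMPLE_IMAGE = r"C:\Users\user\Desktop\02bbf12b26e34473e3ed3281a135fb01_JaffaCakes118.exe"
SAMPLE_LOG = [
    "1234|%s|reg_query|HKCU\\Control Panel\\International\\sCountry" % SAMPLE_IMAGE,
    "1234|%s|reg_query|HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook" % SAMPLE_IMAGE,
    "1234|%s|reg_query|HKCU\\Software\\Microsoft\\Office\\Outlook\\OMI Account Manager\\Accounts" % SAMPLE_IMAGE,
    "1234|%s|reg_query|HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip" % SAMPLE_IMAGE,
    "1234|%s|file_read|C:\\Users\\user\\AppData\\Roaming\\Bitcoin\\wallet.dat" % SAMPLE_IMAGE,
    "1234|%s|http_post|%s" % (SAMPLE_IMAGE, PONY_C2),
    "1234|%s|file_delete|%s" % (SAMPLE_IMAGE, SAMPLE_IMAGE),
    # Benign noise: an installer enumerating Uninstall on its own is expected.
    "5678|C:\\Windows\\System32\\msiexec.exe|reg_query|HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Foo",
]


def summarize(lines=SAMPLE_LOG):
    """Return {image: sorted signature names} so a process's behaviour
    profile can be compared against the report's list as a whole."""
    by_image = {}
    for (image, name), _ in scan_log(lines).items():
        by_image.setdefault(image, set()).add(name)
    return {img: sorted(names) for img, names in by_image.items()}


if __name__ == "__main__":
    for image, names in summarize().items():
        print(image)
        for n in names:
            print("  -", n)
```

A single Uninstall-key read is normal for installers and inventory agents, which is why the summary groups hits per image: the combination of geofence check, Outlook and wallet access, the C2 POST and self-deletion from one process is what matches this report, not any one line on its own.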