General
-
Target
047bee1de282e29ceff848662b32bf22_JaffaCakes118
-
Size
102KB
-
Sample
241001-fw57qsscrl
-
MD5
047bee1de282e29ceff848662b32bf22
-
SHA1
ebd2877acbf8a86d4279772d5acf8c208fea4701
-
SHA256
50f29e1426b6d51779168690e3d7f9acdb5620f12e6013b999b2cd3779db94cf
-
SHA512
17f1c5ef61a4aac2b5b71514eebe56793c09159d81f272f6d0f47ef45f57149782e0b7285d993c74f5a16a1afc22b779b10c754fa4a832dae8eafa9795caaa77
-
SSDEEP
3072:RemCejxPosdau99MvCPuwx+r6poEUlyr8Ssk6lCb:RCiVXNcCmZryB7sk6l
Static task
static1
Behavioral task
behavioral1
Sample
047bee1de282e29ceff848662b32bf22_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
047bee1de282e29ceff848662b32bf22_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
Family
pony
C2 URL
http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php
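The extracted configuration gives one network indicator: the gate URL the stealer reports to. The script below is an added example (not part of the sandbox report and not tooling from the sandbox vendor) showing how to turn that URL into host and path indicators and match them against proxy logs. The log format (epoch, client IP, method, URL, status) and every log line are constructed for illustration; the decision to also flag other paths on the same host is the author's judgement, since the gate path is chosen by the operator and can change.

```python
"""Match the extracted Pony C2 URL against proxy log lines.

Added example, not the sandbox's own code. The log format and all sample
lines are constructed; only the C2 URL comes from the report.
"""
from urllib.parse import urlsplit

# C2 URL as extracted from the sample's configuration in the report above.
PONY_C2_URL = "http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php"

# Constructed proxy log (not real traffic): epoch client method url status
SAMPLE_PROXY_LOG = """\
1727769600.123 10.0.0.5 POST http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php 200
1727769601.456 10.0.0.7 GET http://www.example.com/index.html 200
1727769602.789 10.0.0.9 POST http://115.47.49.181/xSZ64Wiax/other.php 404
1727769603.000 10.0.0.5 GET http://115.47.49.181:8080/ 200
1727769604.250 10.0.0.11 GET http://example.net/115.47.49.181 200
"""


def c2_indicators(url):
    """Split the C2 URL into the host and path used for matching."""
    parts = urlsplit(url)
    return {"host": parts.hostname, "path": parts.path}


def classify(url, ioc):
    """Return 'gate' for an exact hit on the C2 gate path, 'host' for any
    other request to the C2 host (assumption: the operator-chosen gate path
    may change, so same-host traffic is still worth a look), or None."""
    parts = urlsplit(url)
    # Compare the parsed hostname, not a substring: a URL that merely contains
    # the IP in its path (last sample line) must not match.
    if parts.hostname != ioc["host"]:
        return None
    if parts.path == ioc["path"]:
        return "gate"
    return "host"


def scan_proxy_log(text, c2_url=PONY_C2_URL):
    """Return (client_ip, method, url, verdict) for every line touching the C2."""
    ioc = c2_indicators(c2_url)
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines instead of aborting the scan
        _ts, client, method, url, _status = fields[:5]
        verdict = classify(url, ioc)
        if verdict:
            hits.append((client, method, url, verdict))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(*hit)
```

Matching on the parsed hostname rather than on a substring keeps the URL-in-path line out of the results while still catching the non-standard port; a real deployment would run the same check over the proxy's actual format and add the host to a blocklist once the hit is confirmed.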
Targets
-
Target
047bee1de282e29ceff848662b32bf22_JaffaCakes118
-
Size
102KB
-
MD5
047bee1de282e29ceff848662b32bf22
-
SHA1
ebd2877acbf8a86d4279772d5acf8c208fea4701
-
SHA256
50f29e1426b6d51779168690e3d7f9acdb5620f12e6013b999b2cd3779db94cf
-
SHA512
17f1c5ef61a4aac2b5b71514eebe56793c09159d81f272f6d0f47ef45f57149782e0b7285d993c74f5a16a1afc22b779b10c754fa4a832dae8eafa9795caaa77
-
SSDEEP
3072:RemCejxPosdau99MvCPuwx+r6poEUlyr8Ssk6lCb:RCiVXNcCmZryB7sk6l
-
Checks computer location settings
Looks up the country code configured in the registry, likely used for geofencing (declining to run in selected countries).
-
Deletes itself
-
Unsecured Credentials: Credentials In Files (MITRE ATT&CK T1552.001)
Steals credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software installed on the system.
-
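The signatures above are verdicts derived from registry and file events observed during the behavioural task. The script below is an added example (not the sandbox's signature engine) that maps each of those signatures onto a rule over a constructed event stream, so an analyst can reproduce the same verdicts from their own EDR or Sysmon telemetry. The event format and every event are constructed; the registry paths each rule keys on (Geo\Nation for the country code, the Uninstall key, Outlook profile keys, wallet.dat) are the author's assumptions about what each signature checks, not something the report states.

```python
"""Re-derive the report's behavioural signatures from registry/file events.

Added example, not the sandbox's own code. The event format, the sample
events and the registry paths behind each rule are constructed assumptions.
"""
import re

# (signature name as shown in the report, event kind, regex over the target).
# The paths are assumptions about which locations each signature looks at.
RULES = [
    ("Checks computer location settings", "reg_query",
     r"\\Control Panel\\International\\Geo\\Nation$"),
    ("Checks installed software on the system", "reg_enum",
     r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)"),
    ("Accesses Microsoft Outlook profiles", "reg_enum",
     r"\\Outlook\\Profiles(\\|$)|\\Windows Messaging Subsystem\\Profiles(\\|$)"),
    ("Accesses cryptocurrency files/wallets", "file_read",
     r"\\wallet\.dat$"),
]

# Constructed event stream: "<pid>\t<kind>\t<process image>\t<target>"
SAMPLE_EVENTS = """\
1488\treg_query\tC:\\Users\\victim\\sample.exe\tHKCU\\Control Panel\\International\\Geo\\Nation
1488\treg_enum\tC:\\Users\\victim\\sample.exe\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
1488\treg_enum\tC:\\Users\\victim\\sample.exe\tHKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook
1488\tfile_read\tC:\\Users\\victim\\sample.exe\tC:\\Users\\victim\\AppData\\Roaming\\Bitcoin\\wallet.dat
1488\tfile_delete\tC:\\Users\\victim\\sample.exe\tC:\\Users\\victim\\sample.exe
2200\treg_enum\tC:\\Windows\\explorer.exe\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
"""


def parse_events(text):
    """Parse the tab-separated constructed event lines into dicts."""
    events = []
    for line in text.splitlines():
        pid, kind, image, target = line.split("\t")
        events.append({"pid": int(pid), "kind": kind,
                       "image": image, "target": target})
    return events


def match_signatures(events):
    """Return {pid: set of signature names} so hits stay scoped per process.

    Scoping matters: explorer.exe reading the Uninstall key is normal, so the
    analyst should read the result for the sample's pid, not the whole host.
    """
    hits = {}
    for ev in events:
        found = hits.setdefault(ev["pid"], set())
        for name, kind, pattern in RULES:
            if ev["kind"] == kind and re.search(pattern, ev["target"], re.IGNORECASE):
                found.add(name)
        # "Deletes itself": the process removes its own image from disk. Real
        # samples often do this via a child cmd.exe, so a production rule should
        # also walk the parent chain; the constructed data keeps it in-process.
        if ev["kind"] == "file_delete" and ev["target"].lower() == ev["image"].lower():
            found.add("Deletes itself")
    return hits


if __name__ == "__main__":
    for pid, names in sorted(match_signatures(parse_events(SAMPLE_EVENTS)).items()):
        print(pid, sorted(names))
```

Run against the constructed events, the sample's process triggers all five signatures while explorer.exe triggers only the installed-software rule, which is the distinction an analyst needs before treating any single registry read as malicious.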