General
-
Target
04fec039fbc9dfbcc8850538685069ba_JaffaCakes118
-
Size
175KB
-
Sample
241001-j5r81stckg
-
MD5
04fec039fbc9dfbcc8850538685069ba
-
SHA1
5185a7deae579501c8ad58d2c794f9a61b249e95
-
SHA256
ac611aa4a6959c1c49dc31bece56e819316b0d82df736b84f5e5a4a0dbf782f6
-
SHA512
e7794227541c24183ef32e86ae441f44b658eeb0bfcb2efe3e053f766aba2c23ff4168f2655a7e9bbd6fdcdbaa590f4bc0f9ffa995012178548555169b77d3d9
-
SSDEEP
3072:lhk9XVvHxphjO7oI19Z41n9MM31YdSxbbLX/:c9X15jO7ou9e19MSBbbLv
Malware Config
Extracted
pony
http://63.251.20.52/forum/viewtopic.php
http://69.194.194.10/forum/viewtopic.php
-
payload_url
http://atualizacoes.issqn.net/6PrbAL.exe
http://85.18.21.252/PNV3Hbi.exe
Targets
-
-
Target
04fec039fbc9dfbcc8850538685069ba_JaffaCakes118
-
Size
175KB
-
MD5
04fec039fbc9dfbcc8850538685069ba
-
SHA1
5185a7deae579501c8ad58d2c794f9a61b249e95
-
SHA256
ac611aa4a6959c1c49dc31bece56e819316b0d82df736b84f5e5a4a0dbf782f6
-
SHA512
e7794227541c24183ef32e86ae441f44b658eeb0bfcb2efe3e053f766aba2c23ff4168f2655a7e9bbd6fdcdbaa590f4bc0f9ffa995012178548555169b77d3d9
-
SSDEEP
3072:lhk9XVvHxphjO7oI19Z41n9MM31YdSxbbLX/:c9X15jO7ou9e19MSBbbLv
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-