General
-
Target
0cdd8b96a8439e71d59f28e904c9a936_JaffaCakes118
-
Size
142KB
-
Sample
241002-3bhx2awdqd
-
MD5
0cdd8b96a8439e71d59f28e904c9a936
-
SHA1
42faef1b5d18a31a8c21558f6f037085f6198590
-
SHA256
c3cf8df2de86ce19f8142c3513ea0c78b3e36bbae2378dfc0b81774356785a6d
-
SHA512
18809014ef35227b717c1d3d72b5c75daefd7d0457518e9dd8211ddcb736af59eb5e73a5c05e8a904792513cce39257286bcaa2c1e4b30e3b06ad692173984b0
-
SSDEEP
3072:79TjCY5YMhY07pMAoyzbv0N4gMj4+tC6:N2Y5YMh37pM2v02gK4F
Malware Config
Extracted
pony
http://91.207.6.142:8080/forum/viewtopic.php
http://184.95.37.150/forum/viewtopic.php
-
payload_url
http://baskentbilgisayar.com.tr/KcSYnGk.exe
http://selfirakomunika.co.id/hi9s1Z.exe
Targets
-
-
Target
0cdd8b96a8439e71d59f28e904c9a936_JaffaCakes118
-
Size
142KB
-
MD5
0cdd8b96a8439e71d59f28e904c9a936
-
SHA1
42faef1b5d18a31a8c21558f6f037085f6198590
-
SHA256
c3cf8df2de86ce19f8142c3513ea0c78b3e36bbae2378dfc0b81774356785a6d
-
SHA512
18809014ef35227b717c1d3d72b5c75daefd7d0457518e9dd8211ddcb736af59eb5e73a5c05e8a904792513cce39257286bcaa2c1e4b30e3b06ad692173984b0
-
SSDEEP
3072:79TjCY5YMhY07pMAoyzbv0N4gMj4+tC6:N2Y5YMh37pM2v02gK4F
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-