General
-
Target
118f5c2f908f89ba47d48c7b8a15b5f0_JaffaCakes118
-
Size
123KB
-
Sample
241004-dhb1ma1brr
-
MD5
118f5c2f908f89ba47d48c7b8a15b5f0
-
SHA1
4ba5a0ec757c3d93807f439aaa4cb0d563bea6bc
-
SHA256
303d3cd76ea75adb75383b7bbdc971f985e701bb7b78fe43e09a6e15f8ab3e37
-
SHA512
c8ff647f1327154d78115610897a05a58b57889f208a016f1e0d8a33307779071cd11af4029bf59d199426e19a34ae80a193df7f5fdc66ca2749a952c5b7adf7
-
SSDEEP
3072:5kaWbwX1hxb7d5FE883p+znYl09D+KUeQb3gGbS9+:atix3WV3p+zYlMzU7gGbC
Static task
static1
Behavioral task
behavioral1
Sample
118f5c2f908f89ba47d48c7b8a15b5f0_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
118f5c2f908f89ba47d48c7b8a15b5f0_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
pony
http://solektus.info:4915/way/like.php
http://colekrys.info:4915/way/like.php
http://xojertas.info:4915/way/upd
Targets
Target
118f5c2f908f89ba47d48c7b8a15b5f0_JaffaCakes118
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Hide Artifacts: Hidden Files and Directories
-