General
-
Target
51af41028eaec34cb366a4cce8ee716f_JaffaCakes118
-
Size
140KB
-
Sample
241017-l9whcashqg
-
MD5
51af41028eaec34cb366a4cce8ee716f
-
SHA1
b4ae23771b872da1b4bc6e03f702d49fa3d4911f
-
SHA256
45febf34fe440b7f892c6ab68b072d28609b082fc1cef59020a53e6429658ebc
-
SHA512
247504f0138d35b66b046da4ac419ebbc0917bc1e75c1f11feab9b9d39d2381df223706006b3382fcbbac4d7776e64b971c9023c21ff90bb0155bd67bbfd25a8
-
SSDEEP
3072:brN2GrJqB/Sd2wc/0c3Oomy2LdV9TQFUZPppppZppppppppppQppppppppZppppH:Ba/nX0pompdzTQFcPppppZppppppppp0
Static task
static1
Behavioral task
behavioral1
Sample
51af41028eaec34cb366a4cce8ee716f_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
51af41028eaec34cb366a4cce8ee716f_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
pony
http://8.koguis.com/forum/viewtopic.php
http://8.axellelemaire.org/forum/viewtopic.php
-
payload_url
http://Voyagersystems.cc/EcYdbYWf.exe
http://marketer-school.net/xFMTvTNP.exe
Targets
-
Target
51af41028eaec34cb366a4cce8ee716f_JaffaCakes118
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-