General
-
Target
5e381c344e78d54d58e5db9b5ef14250_JaffaCakes118
-
Size
90KB
-
Sample
241019-xxv7lataqe
-
MD5
5e381c344e78d54d58e5db9b5ef14250
-
SHA1
170ee1446d38210012a6ff326c129a1a5781b09d
-
SHA256
8f771d7974ffa92559b879c30059eea51e157beb513721bf9a46f0639e1a01b3
-
SHA512
00822d8e8c0bcae0bb6ccadb9bfc4ba438a62754afa685f8ab088dceb9724e368daaa4c46abdf075364ec693f2376131e9b6c0240406dd2780884697ac9776c9
-
SSDEEP
1536:77/R8RHzreA5Kj2WcM+UqTa/XFXhNJ9Yme6/6W7KGgIIH9VY:6zCXjNqTa/1kdIeGgIIY
Malware Config
Extracted
pony
http://ldepteu.pw:4915/way/like.php
http://kclkeuy.pw:4915/way/like.php
Targets
-
-
Target
5e381c344e78d54d58e5db9b5ef14250_JaffaCakes118
-
Size
90KB
-
MD5
5e381c344e78d54d58e5db9b5ef14250
-
SHA1
170ee1446d38210012a6ff326c129a1a5781b09d
-
SHA256
8f771d7974ffa92559b879c30059eea51e157beb513721bf9a46f0639e1a01b3
-
SHA512
00822d8e8c0bcae0bb6ccadb9bfc4ba438a62754afa685f8ab088dceb9724e368daaa4c46abdf075364ec693f2376131e9b6c0240406dd2780884697ac9776c9
-
SSDEEP
1536:77/R8RHzreA5Kj2WcM+UqTa/XFXhNJ9Yme6/6W7KGgIIH9VY:6zCXjNqTa/1kdIeGgIIY
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Hide Artifacts: Hidden Files and Directories
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-