General
Target: 64dd460f874edba9379482a34675a36c_JaffaCakes118
Size: 100KB
Sample: 241021-as9g4a1bqr
MD5: 64dd460f874edba9379482a34675a36c
SHA1: 1e19c83d06d927e3d8165802a1c042b9bdc11b6d
SHA256: b0d0bb83f6a1ce7562d3f1f6ca921abc3704ae91018196794d4434d6d974d755
SHA512: 2f2e94551d1407e10ff771cb248209c0de0a5c801affb4056959d320c5e8c5aba910e9715fe6c8c7254f475f071870bcfca84ba6ed52248db6756963486ab763
SSDEEP: 3072:4+3fsFe6Vq1oTAzTn7ro5hfdLPuSZlhk/:vUY6g1oT6j7rGtdLPuSZ7k/
Static task: static1
Behavioral task: behavioral1
  Sample: 64dd460f874edba9379482a34675a36c_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 64dd460f874edba9379482a34675a36c_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: pony
C2 URL: http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php
Targets
Target: 64dd460f874edba9379482a34675a36c_JaffaCakes118
Size: 100KB
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Unsecured Credentials: Credentials In Files (MITRE ATT&CK T1552.001): steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
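As an added example (not part of the sandbox report and not the sandbox's own tooling), the following Python script turns the indicators above into a check a defender can run: it hashes a file against the listed MD5/SHA256 and scans proxy log lines for traffic to the extracted Pony gate. The log lines and their space-separated format are constructed for this example. Pony submits harvested credentials to its gate by HTTP POST, so a request to the exact gate path is the strongest indicator; other paths on the same host are weaker because the IP may host unrelated content.

```python
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report above.
IOC_SHA256 = {"b0d0bb83f6a1ce7562d3f1f6ca921abc3704ae91018196794d4434d6d974d755"}
IOC_MD5 = {"64dd460f874edba9379482a34675a36c"}
PONY_C2 = "http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php"


def c2_indicators(url):
    """Split the extracted gate URL into host, exact path and gate directory."""
    p = urlparse(url)
    return {
        "host": p.hostname,
        "path": p.path,
        "dir": p.path.rsplit("/", 1)[0] + "/",
    }


def hash_bytes(data):
    """MD5 and SHA256 of a file's bytes, lowercase hex as in the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data):
    """True if the bytes hash to the sample listed in the report."""
    h = hash_bytes(data)
    return h["sha256"] in IOC_SHA256 or h["md5"] in IOC_MD5


# Constructed proxy log (not real telemetry): "<timestamp> <src-ip> <method> <url> <status>".
PROXY_LOG = """\
2024-10-21T08:15:02Z 10.0.0.12 GET http://example.com/index.html 200
2024-10-21T08:15:09Z 10.0.0.12 POST http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php 200
2024-10-21T08:16:41Z 10.0.0.13 GET http://115.47.49.181/xSZ64Wiax/other.php 404
2024-10-21T08:17:00Z 10.0.0.14 GET http://10.0.0.1/status 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT|HEAD) (\S+) (\d{3})$")


def scan_proxy_log(text, c2_url=PONY_C2):
    """Return one hit per request to the gate host, graded by how specific the match is.

    high   - exact gate path (Pony POSTs stolen credentials here)
    medium - same directory on the gate host (other gate scripts)
    low    - same host only (could be unrelated content on a shared host)
    """
    ind = c2_indicators(c2_url)
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the constructed format
        ts, src, method, url, status = m.groups()
        p = urlparse(url)
        if p.hostname != ind["host"]:
            continue
        if p.path == ind["path"]:
            confidence = "high"
        elif p.path.startswith(ind["dir"]):
            confidence = "medium"
        else:
            confidence = "low"
        hits.append({"ts": ts, "src": src, "method": method,
                     "url": url, "status": status, "confidence": confidence})
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG):
        print(f'{hit["confidence"]:6} {hit["src"]} {hit["method"]} {hit["url"]}')
    # A file on disk can be checked with: matches_sample(open(path, "rb").read())
```

Only the source IP that made the POST to the exact gate path is graded high; a host-only match is reported so the analyst can decide whether the IP is dedicated to the gate, but it is not treated as a confirmed infection on its own.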