General
-
Target
6bde0cd0c88892285dc43139f1947cf7_JaffaCakes118
-
Size
100KB
-
Sample
241022-zpcfmatcjh
-
MD5
6bde0cd0c88892285dc43139f1947cf7
-
SHA1
1426366c89706e65cffbc341ecafa78767e8cf32
-
SHA256
b5962b1baf2d66ae41bcc79451c99c7ceb26fdbd3ab3cef801195eecd47b0b1b
-
SHA512
88a920706839f9c5a0ab7c54ad51cd705d387a5d5c518b171d99b164b9626f97f9b6237419037593bd990687676baa18f09d7e9f73d40f9f333ecea42d95ace1
-
SSDEEP
1536:+v1+XaxZm3NMyDWHUPCc1/G7FeJZ4FP0jerXXQWqbXVXTrtU7ZK+G2N3s2AOsR7r:vqfxyiTs2FeJC90jEVqrR2ZN3EO8
Malware Config
Extracted
pony
http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php
Targets
-
-
Target
6bde0cd0c88892285dc43139f1947cf7_JaffaCakes118
-
Size
100KB
-
MD5
6bde0cd0c88892285dc43139f1947cf7
-
SHA1
1426366c89706e65cffbc341ecafa78767e8cf32
-
SHA256
b5962b1baf2d66ae41bcc79451c99c7ceb26fdbd3ab3cef801195eecd47b0b1b
-
SHA512
88a920706839f9c5a0ab7c54ad51cd705d387a5d5c518b171d99b164b9626f97f9b6237419037593bd990687676baa18f09d7e9f73d40f9f333ecea42d95ace1
-
SSDEEP
1536:+v1+XaxZm3NMyDWHUPCc1/G7FeJZ4FP0jerXXQWqbXVXTrtU7ZK+G2N3s2AOsR7r:vqfxyiTs2FeJC90jEVqrR2ZN3EO8
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-