General
-
Target
80f358bec5dfe10cbfab133a6a5fe633_JaffaCakes118
-
Size
180KB
-
Sample
241031-befhjaxkaq
-
MD5
80f358bec5dfe10cbfab133a6a5fe633
-
SHA1
9f12315a7727059004645099f6e271099a564e93
-
SHA256
829642dc480aa5268b98f4bd83b04664bc94657da1d77dc7b9cd006832370d68
-
SHA512
ccd6d4904cd44a6e074ee0830ace5f71fcde6114df1173aba2c5c90ed5cf75e81bc749c833c5fd36167a2b592bcfdbb980e3151db69d72e9f59396834e0a95f9
-
SSDEEP
3072:3a6866666666666666v666K6injWkD2OFBqg6lE8TRMZbObFW66666666666666q:q6866666666666666v666K6ijWkniTOS
Malware Config
Extracted
pony
http://108.178.59.26/forum/viewtopic.php
http://209.59.223.7/forum/viewtopic.php
-
payload_url
http://umbrellasandbeyond.mivamerchant.net/8kvut.exe
http://www.nuscimedia.com/7oEN.exe
http://mobile-for-products.com/Waytw.exe
Targets
-
-
Target
80f358bec5dfe10cbfab133a6a5fe633_JaffaCakes118
-
Size
180KB
-
MD5
80f358bec5dfe10cbfab133a6a5fe633
-
SHA1
9f12315a7727059004645099f6e271099a564e93
-
SHA256
829642dc480aa5268b98f4bd83b04664bc94657da1d77dc7b9cd006832370d68
-
SHA512
ccd6d4904cd44a6e074ee0830ace5f71fcde6114df1173aba2c5c90ed5cf75e81bc749c833c5fd36167a2b592bcfdbb980e3151db69d72e9f59396834e0a95f9
-
SSDEEP
3072:3a6866666666666666v666K6injWkD2OFBqg6lE8TRMZbObFW66666666666666q:q6866666666666666v666K6ijWkniTOS
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-