General
-
Target
8217295dde3d0212c5294742d5f390e7_JaffaCakes118
-
Size
109KB
-
Sample
241031-hh292asfkh
-
MD5
8217295dde3d0212c5294742d5f390e7
-
SHA1
df82ae70745611d6c634f8dd3ae15dc157ce5072
-
SHA256
20602651c5210e781c3bc54ebd309c7dc7d520944ec6c620fff5e1b407760d05
-
SHA512
8e70330841a94f785bd83bbf0bebc6137d3e1876d2abff1fd7286d227d23635c33e9d6abd53c021289f67027230a573ad3678607ae85f93c6d708c53973b0d9e
-
SSDEEP
3072:lOUHeB1gldSNB9i/6jtAxtob25yW5oB3L8:iB14SNTicAyWw3L8
Malware Config
Extracted
pony
http://www.scoopcelebrity.com/mobiledummy/wp-content/plugins/wordpress-seo/admin/linkdex/external.php
http://www.evokingyou.com/fashion/wp-content/themes/twentyeleven/inc/external.php
http://forums.lolapps.com/includes/cron/response.php
http://www.weallscheme.com/wp-content/uploads/2010/07/menu.php
http://www.kitchenaria.com/modules/gateway2/Protx/response.php
Targets
-
-
Target
8217295dde3d0212c5294742d5f390e7_JaffaCakes118
-
Size
109KB
-
MD5
8217295dde3d0212c5294742d5f390e7
-
SHA1
df82ae70745611d6c634f8dd3ae15dc157ce5072
-
SHA256
20602651c5210e781c3bc54ebd309c7dc7d520944ec6c620fff5e1b407760d05
-
SHA512
8e70330841a94f785bd83bbf0bebc6137d3e1876d2abff1fd7286d227d23635c33e9d6abd53c021289f67027230a573ad3678607ae85f93c6d708c53973b0d9e
-
SSDEEP
3072:lOUHeB1gldSNB9i/6jtAxtob25yW5oB3L8:iB14SNTicAyWw3L8
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-