General
-
Target
889271471d7e2eb30c2b5a4e8f6fbab1_JaffaCakes118
-
Size
133KB
-
Sample
241103-ab462sslbj
-
MD5
889271471d7e2eb30c2b5a4e8f6fbab1
-
SHA1
37f7d983e0a1fa39f1134dc87af0d0c2a89a0329
-
SHA256
b37e0fddbdd2ce49c82d84d738dac0cf3a04344142c171e0f196660a55ea6e32
-
SHA512
95c3c61b8fb018312ce153471ceffeabfae2c4da59082439dbf3003e363469cd1520a76d0e5886174bd70928a5f1212b37e24d854b7e25b144d0c4cb9599156a
-
SSDEEP
3072:XnQJhOHg9TjDdkPRHpKGZyWU9hV7gRYvvdPUw7LLsdPvSJtjAR:YOHAfDERsIlU9hsYvvdPTnLsdPvSg
Malware Config
Extracted
pony
http://206.72.197.16/forum/viewtopic.php
http://206.72.206.132/forum/viewtopic.php
-
payload_url
http://wedmann-bautenschutz.de/eKA.exe
http://genelectro.com.ve/SEVV.exe
http://straighttalktraveltips.com/WHkPa.exe
Targets
-
-
Target
889271471d7e2eb30c2b5a4e8f6fbab1_JaffaCakes118
-
Size
133KB
-
MD5
889271471d7e2eb30c2b5a4e8f6fbab1
-
SHA1
37f7d983e0a1fa39f1134dc87af0d0c2a89a0329
-
SHA256
b37e0fddbdd2ce49c82d84d738dac0cf3a04344142c171e0f196660a55ea6e32
-
SHA512
95c3c61b8fb018312ce153471ceffeabfae2c4da59082439dbf3003e363469cd1520a76d0e5886174bd70928a5f1212b37e24d854b7e25b144d0c4cb9599156a
-
SSDEEP
3072:XnQJhOHg9TjDdkPRHpKGZyWU9hV7gRYvvdPUw7LLsdPvSJtjAR:YOHAfDERsIlU9hsYvvdPTnLsdPvSg
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-