General
-
Target
89deca7b716140975b45a3ce0272e7b5_JaffaCakes118
-
Size
95KB
-
Sample
241103-f95hcswkbx
-
MD5
89deca7b716140975b45a3ce0272e7b5
-
SHA1
c5cbac0c0f36c449b1df3c2d0a7c60705adc60f4
-
SHA256
e04c0ebdf0f4d1ed3ea6847f0e7cb1b0e179c776dc7aaa72b2122d8cdbbcabf0
-
SHA512
fc865e7e92908cbcf7f51df51a276373b541e7f4a77d32043bbb7ca8cd9ed91fbfdb284974fbb893304ed9f4287f2626b7c2a1487a537cd0475b39d08daa466b
-
SSDEEP
1536:CGF7Mx43iFGqXvpm1AUPyKxnxLdj85jMxknFGMGQfDGyaA4KF9X/:CGliFGq/0yejyjks/fyMr3
Static task
static1
Behavioral task
behavioral1
Sample
89deca7b716140975b45a3ce0272e7b5_JaffaCakes118.exe
Resource
win7-20241010-en
Malware Config
Targets
-
-
Target
89deca7b716140975b45a3ce0272e7b5_JaffaCakes118
-
Pony family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-