General
-
Target
93b8febc0fb24afab2f8a816df698dd9_JaffaCakes118
-
Size
101KB
-
Sample
241124-k3q4lsyqhj
-
MD5
93b8febc0fb24afab2f8a816df698dd9
-
SHA1
551aad81befd971b5a40013db57ede2cd7636f23
-
SHA256
f029fcc3ec57f8155483af019da8a442af9415d8e013a2d5f5b6e6257c4bdf71
-
SHA512
53c8f98550da9835407faa7a3cdc59b89e1f2cd56308e471829c0be47ae5259dea9d4e268c693a64ae33b36b73a52c4e2ff0c81debf33e44f5271fb40b664378
-
SSDEEP
1536:1B+mJnnp7QekA+DvI3se2niWpJ8Cu4h706i1gjnfFvqMEuLmWmUdz8:1Dz0euDk72nLJRnrUgLFvqME8mWmUd
Malware Config
Extracted
pony
http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php
Targets
-
-
Target
93b8febc0fb24afab2f8a816df698dd9_JaffaCakes118
-
Size
101KB
-
MD5
93b8febc0fb24afab2f8a816df698dd9
-
SHA1
551aad81befd971b5a40013db57ede2cd7636f23
-
SHA256
f029fcc3ec57f8155483af019da8a442af9415d8e013a2d5f5b6e6257c4bdf71
-
SHA512
53c8f98550da9835407faa7a3cdc59b89e1f2cd56308e471829c0be47ae5259dea9d4e268c693a64ae33b36b73a52c4e2ff0c81debf33e44f5271fb40b664378
-
SSDEEP
1536:1B+mJnnp7QekA+DvI3se2niWpJ8Cu4h706i1gjnfFvqMEuLmWmUdz8:1Dz0euDk72nLJRnrUgLFvqME8mWmUd
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-