General
-
Target
9b3e6693e9da6efd0c2206b830f41dfb_JaffaCakes118
-
Size
250KB
-
Sample
241125-ntgqcs1naj
-
MD5
9b3e6693e9da6efd0c2206b830f41dfb
-
SHA1
281c6c7a4eee0e0e0d25744b223762c69c1b4c25
-
SHA256
d97f4c81e48a1721ebdbf9976d5457f7d159287351f0c72af0cd9d32bfa8e599
-
SHA512
2a07734da4ad1ec559677dd1323f29805cff0e16cdf94d31c3ae28248d95aa85405ff03f1d693263bfb14743291ac42456d3f096eb238c5f7917c72c763196b6
-
SSDEEP
6144:4SQmyXB+8lmqwO1mGSQmyXB+8lmqwO1mJ3:4JB+Gn71LJB+Gn71I
Malware Config
Extracted
pony
http://5.paispirata.com/forum/viewtopic.php
http://5.schwartz-investments.com/forum/viewtopic.php
-
payload_url
http://pixelsolutions.es/Co6DNZKB/dhfay.exe
http://erkanbilisim.com/X3duv5Jj/i0V5w.exe
http://ftp.cuckooemporium.com/znxmvCob/MS4BHNx.exe
Targets
-
-
Target
9b3e6693e9da6efd0c2206b830f41dfb_JaffaCakes118
-
Size
250KB
-
MD5
9b3e6693e9da6efd0c2206b830f41dfb
-
SHA1
281c6c7a4eee0e0e0d25744b223762c69c1b4c25
-
SHA256
d97f4c81e48a1721ebdbf9976d5457f7d159287351f0c72af0cd9d32bfa8e599
-
SHA512
2a07734da4ad1ec559677dd1323f29805cff0e16cdf94d31c3ae28248d95aa85405ff03f1d693263bfb14743291ac42456d3f096eb238c5f7917c72c763196b6
-
SSDEEP
6144:4SQmyXB+8lmqwO1mGSQmyXB+8lmqwO1mJ3:4JB+Gn71LJB+Gn71I
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-