General
-
Target
9ef287c961bcf504d450614e958d789f_JaffaCakes118
-
Size
100KB
-
Sample
241126-bdws5awjfv
-
MD5
9ef287c961bcf504d450614e958d789f
-
SHA1
486c47ee75a9d22a61c07e5e46fe2ed0083cb82b
-
SHA256
5bc308537209b5e22caf2d5407b4b049172cf6a6b98f1284b882d1c0bd0c8630
-
SHA512
721cc3c694fc5a795fc16201170c16638f0c5c3f312a2f56562077e3114463bb43683f18771dfd5abff3d32d7ee7ce8988bbcf57d55fe871f120c405efc20b40
-
SSDEEP
1536:fZ50o0T3D+jU53Joz2ZmhLKlJnzfvjc+PQhut4GOjO46AN4dbor:R50BTijUfoz20uQ3s4JjOX9dbm
Malware Config
Extracted
pony
http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php
Targets
-
-
Target
9ef287c961bcf504d450614e958d789f_JaffaCakes118
-
Size
100KB
-
MD5
9ef287c961bcf504d450614e958d789f
-
SHA1
486c47ee75a9d22a61c07e5e46fe2ed0083cb82b
-
SHA256
5bc308537209b5e22caf2d5407b4b049172cf6a6b98f1284b882d1c0bd0c8630
-
SHA512
721cc3c694fc5a795fc16201170c16638f0c5c3f312a2f56562077e3114463bb43683f18771dfd5abff3d32d7ee7ce8988bbcf57d55fe871f120c405efc20b40
-
SSDEEP
1536:fZ50o0T3D+jU53Joz2ZmhLKlJnzfvjc+PQhut4GOjO46AN4dbor:R50BTijUfoz20uQ3s4JjOX9dbm
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-