General
-
Target
a7d495047ed2e51f466de166166e8584_JaffaCakes118
-
Size
102KB
-
Sample
241127-ph9gnszlck
-
MD5
a7d495047ed2e51f466de166166e8584
-
SHA1
d1cd3d7b64b3d8ad22ddd65fa4e091c0b1ac9295
-
SHA256
9c9cb0eb8a9cbd759910b48204e8363dfb351cd93557d0b5f13a21f217a23bd2
-
SHA512
97d9b89270155a3305823afc38a25bed97fee66272e778b8a10a879ad6440e12ad09d047752d5dbbb152d9eeadf61fbc430fb71b5c501ab5e6076364159b4541
-
SSDEEP
1536:EpcwmTzlnq1lPCOUlscN/7YjDKzskId4Ldpz838NmGT+:Eq52l69lPmOskA4Lbz83FZ
Malware Config
Extracted
pony
http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php
Targets
-
-
Target
a7d495047ed2e51f466de166166e8584_JaffaCakes118
-
Size
102KB
-
MD5
a7d495047ed2e51f466de166166e8584
-
SHA1
d1cd3d7b64b3d8ad22ddd65fa4e091c0b1ac9295
-
SHA256
9c9cb0eb8a9cbd759910b48204e8363dfb351cd93557d0b5f13a21f217a23bd2
-
SHA512
97d9b89270155a3305823afc38a25bed97fee66272e778b8a10a879ad6440e12ad09d047752d5dbbb152d9eeadf61fbc430fb71b5c501ab5e6076364159b4541
-
SSDEEP
1536:EpcwmTzlnq1lPCOUlscN/7YjDKzskId4Ldpz838NmGT+:Eq52l69lPmOskA4Lbz83FZ
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-