General
-
Target
ab271a979c16efb38def19c6b08be90c_JaffaCakes118
-
Size
1.1MB
-
Sample
241128-f6jfqaxle1
-
MD5
ab271a979c16efb38def19c6b08be90c
-
SHA1
5d6fd37c871d6830b02c2f3cc579087f1250c9fe
-
SHA256
66d235c6039bceb535d957d603dc7f312a095621da9da6901722a22c21c4a3e3
-
SHA512
deec1fff9301f68b2cc6e9057e50a5566b4383f16c554614ed2c607596aaeace2fb3cdfee62197f29f6985e9958ba4e40b40aed4826ec619f01bdf9aac417ab7
-
SSDEEP
24576:05fGWLIJgcVNi34Nz3Sb9EDL+CmhAn5FUQp0awhfKyDHdrAQsOnz44:AvUJVeeTH+CPzUQCiyjdnU4
Malware Config
Targets
-
-
Target
ab271a979c16efb38def19c6b08be90c_JaffaCakes118
-
Size
1.1MB
-
MD5
ab271a979c16efb38def19c6b08be90c
-
SHA1
5d6fd37c871d6830b02c2f3cc579087f1250c9fe
-
SHA256
66d235c6039bceb535d957d603dc7f312a095621da9da6901722a22c21c4a3e3
-
SHA512
deec1fff9301f68b2cc6e9057e50a5566b4383f16c554614ed2c607596aaeace2fb3cdfee62197f29f6985e9958ba4e40b40aed4826ec619f01bdf9aac417ab7
-
SSDEEP
24576:05fGWLIJgcVNi34Nz3Sb9EDL+CmhAn5FUQp0awhfKyDHdrAQsOnz44:AvUJVeeTH+CPzUQCiyjdnU4
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
UAC bypass
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2Virtualization/Sandbox Evasion
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3