General
-
Target
cf6e4f0e8451d299ea33ea7b1bb52770_JaffaCakes118
-
Size
108KB
-
Sample
241206-2st6ysyjbk
-
MD5
cf6e4f0e8451d299ea33ea7b1bb52770
-
SHA1
76519090e3da4003ab1405dcc6ed00ec89a6a4b8
-
SHA256
6077ccc1bfc2cf95a54ab264f718812937b99a0bb33d9d79fb4eaa4493844b43
-
SHA512
30dcdcba93400fe1fa96c21711044e9adf17033fac910866e36cf1d338251a9dcadbdefbf37c6b8993353d39dddb941815821efa1f5442e5271531156a5f9f68
-
SSDEEP
3072:eu8yXhyl3k9YCJCqBtAYjvHUZSTxYwuDIjFBjs1O:NXhyl8TJCqb7H8wuDWD
Malware Config
Extracted
pony
http://cityweddingguide.com:8080/pony/gate.php
http://200.72.183.54:81/pony/gate.php
-
payload_url
http://power-tec.sk/D8aoPu86/XPVqAGE.exe
http://synergieassurance.com/AnJVfWxx/aFa.exe
http://cotmacelectronics.com/UXSo3aho/BGhTb1J.exe
Targets
-
-
Target
cf6e4f0e8451d299ea33ea7b1bb52770_JaffaCakes118
-
Size
108KB
-
MD5
cf6e4f0e8451d299ea33ea7b1bb52770
-
SHA1
76519090e3da4003ab1405dcc6ed00ec89a6a4b8
-
SHA256
6077ccc1bfc2cf95a54ab264f718812937b99a0bb33d9d79fb4eaa4493844b43
-
SHA512
30dcdcba93400fe1fa96c21711044e9adf17033fac910866e36cf1d338251a9dcadbdefbf37c6b8993353d39dddb941815821efa1f5442e5271531156a5f9f68
-
SSDEEP
3072:eu8yXhyl3k9YCJCqBtAYjvHUZSTxYwuDIjFBjs1O:NXhyl8TJCqb7H8wuDWD
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-