General
-
Target
df756c27559ef3341c13873512fed6ea_JaffaCakes118
-
Size
188KB
-
Sample
241211-cgpdwszqhz
-
MD5
df756c27559ef3341c13873512fed6ea
-
SHA1
8ba74e3f8ea88137b9cc920614400fe944f0cafa
-
SHA256
0e8e3a3e68cd8d61040eb88296bccef42d5c0f9980e6a8a07c0389d29a35a05c
-
SHA512
d00826b9abe09032c31dc7260867b784727ddd8e6be70e3da79a38998d69f975fa21e8a5ca39c029dbce2d71547726e130b50f1036628eab66ed257ec74de8f6
-
SSDEEP
3072:3RMaUeJs3aw/uUUR7wH9c7wCVPbL1KrgRYnoFH30Tx:3OaZJs3BApK96wozL1KrIYo1u
Malware Config
Extracted
pony
http://213.155.112.84:8080/forum/viewtopic.php
http://213.155.112.85:8080/forum/viewtopic.php
-
payload_url
http://szreson.com/uBbh.exe
http://blue-pills.com/Ukt.exe
http://www.halikarnaspetshop.com/APf.exe
Targets
-
-
Target
df756c27559ef3341c13873512fed6ea_JaffaCakes118
-
Size
188KB
-
MD5
df756c27559ef3341c13873512fed6ea
-
SHA1
8ba74e3f8ea88137b9cc920614400fe944f0cafa
-
SHA256
0e8e3a3e68cd8d61040eb88296bccef42d5c0f9980e6a8a07c0389d29a35a05c
-
SHA512
d00826b9abe09032c31dc7260867b784727ddd8e6be70e3da79a38998d69f975fa21e8a5ca39c029dbce2d71547726e130b50f1036628eab66ed257ec74de8f6
-
SSDEEP
3072:3RMaUeJs3aw/uUUR7wH9c7wCVPbL1KrgRYnoFH30Tx:3OaZJs3BApK96wozL1KrIYo1u
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-