General
-
Target
eb17c6bfe3459878cc3eb12bb987549b_JaffaCakes118
-
Size
137KB
-
Sample
241213-mmc8xsxmgp
-
MD5
eb17c6bfe3459878cc3eb12bb987549b
-
SHA1
46abc38971d621d997783873fd1705683b155553
-
SHA256
d93aaff93a4d83ac6432eb9fb40d1c9531a7c02ed39ba98e35605a5a2b4c58e5
-
SHA512
f4109ef0e9714c5194644a1c25ee600eabb1ecabf33423654477c197bcdf1deae02f892c52e3eced23da85d6f81c925682bed5f450ae1bee19bf0fb597774ad7
-
SSDEEP
3072:ZLKJtpwMi1iY5pp+8hksrQJsgzX0QwtlZh/Cn:ZAtpw91T/pVS8gzkjN/a
Malware Config
Extracted
pony
http://www.alberghi.com:8080/pony/gate.php
http://buyandsmile.atomclick.co:8080/pony/gate.php
-
payload_url
http://b0t25.info/Aoregr.exe
http://fabriziodominguez.cl/btVGNM8Z.exe
http://kamudanhaber.com/FxYhKA.exe
Targets
-
-
Target
eb17c6bfe3459878cc3eb12bb987549b_JaffaCakes118
-
Size
137KB
-
MD5
eb17c6bfe3459878cc3eb12bb987549b
-
SHA1
46abc38971d621d997783873fd1705683b155553
-
SHA256
d93aaff93a4d83ac6432eb9fb40d1c9531a7c02ed39ba98e35605a5a2b4c58e5
-
SHA512
f4109ef0e9714c5194644a1c25ee600eabb1ecabf33423654477c197bcdf1deae02f892c52e3eced23da85d6f81c925682bed5f450ae1bee19bf0fb597774ad7
-
SSDEEP
3072:ZLKJtpwMi1iY5pp+8hksrQJsgzX0QwtlZh/Cn:ZAtpw91T/pVS8gzkjN/a
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-