General
- Target: f3b62e607bcc45676eb4ef560fbe9ea4_JaffaCakes118
- Size: 120KB
- Sample: 241215-m8bl8askfx
- MD5: f3b62e607bcc45676eb4ef560fbe9ea4
- SHA1: 3b69a8a9c3c9d8f06f8c464d03b10b1eb7bb9317
- SHA256: 1e7cc45afcbe85c6030a88c4323e37b4387941bbbfed8c303c26143f6e9208ca
- SHA512: c1c8a751ec8d5f54eaef372b092ac4b3713576e6bc8050c4ebf74f87ff908990d3470076f26a7c00821bb36b12642a3b670c0f3f17bb968b0647e89708476c69
- SSDEEP: 3072:5KFowxnGUszCGNd7eaETIus1ggVnYrxozWZe4/MH99IwvX1:u77dGNd75ETWP8ozWZe4

Static task
- static1

Behavioral task
- behavioral1
  - Sample: f3b62e607bcc45676eb4ef560fbe9ea4_JaffaCakes118.exe
  - Resource: win7-20240708-en

Behavioral task
- behavioral2
  - Sample: f3b62e607bcc45676eb4ef560fbe9ea4_JaffaCakes118.exe
  - Resource: win10v2004-20241007-en

Malware Config
Extracted: pony
- http://s196100304.onlinehome.fr/w.htm
- http://debag.me/h.htm
- http://mobilyschoolsfootballleague.com/f.htm
- http://bestgiftworld.com/c.htm
- http://chuvanan.com/x.htm

Targets
- Target: f3b62e607bcc45676eb4ef560fbe9ea4_JaffaCakes118
- Size: 120KB
- MD5: f3b62e607bcc45676eb4ef560fbe9ea4
- SHA1: 3b69a8a9c3c9d8f06f8c464d03b10b1eb7bb9317
- SHA256: 1e7cc45afcbe85c6030a88c4323e37b4387941bbbfed8c303c26143f6e9208ca
- SHA512: c1c8a751ec8d5f54eaef372b092ac4b3713576e6bc8050c4ebf74f87ff908990d3470076f26a7c00821bb36b12642a3b670c0f3f17bb968b0647e89708476c69
- SSDEEP: 3072:5KFowxnGUszCGNd7eaETIus1ggVnYrxozWZe4/MH99IwvX1:u77dGNd75ETWP8ozWZe4

- Pony family
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext