General
-
Target
f91edb1eb9ad0a68e7b407802fd90ad7_JaffaCakes118
-
Size
83KB
-
Sample
241217-2latqsskdl
-
MD5
f91edb1eb9ad0a68e7b407802fd90ad7
-
SHA1
2167f2a26f40fe0c1c12977fa3b29d4ed7458053
-
SHA256
2c2cea36437ddb630119424ad48309bfdac91b243d2770fa03ad14383cfe8d66
-
SHA512
67f0313606991a11a8bd4569fc945fceec7bcb718ae3e54f5a98425c71c208edf401d9bad0a246bf4d7a5918e0016a62cf50f15b51be6102b65039c360bd1dad
-
SSDEEP
1536:iaj2Wn/CqToAJM61mQ0Yaljw4CvmSjqtjYFrawO+EnsTkzmi:lj9MrQ0PvCvmFN6O+EnsLi
Malware Config
Extracted
pony
http://csisa.cardinalassistance.com/contacts.asp
http://blogmagomarameo.com/blog/bug.php
Targets
-
-
Target
f91edb1eb9ad0a68e7b407802fd90ad7_JaffaCakes118
-
Size
83KB
-
MD5
f91edb1eb9ad0a68e7b407802fd90ad7
-
SHA1
2167f2a26f40fe0c1c12977fa3b29d4ed7458053
-
SHA256
2c2cea36437ddb630119424ad48309bfdac91b243d2770fa03ad14383cfe8d66
-
SHA512
67f0313606991a11a8bd4569fc945fceec7bcb718ae3e54f5a98425c71c208edf401d9bad0a246bf4d7a5918e0016a62cf50f15b51be6102b65039c360bd1dad
-
SSDEEP
1536:iaj2Wn/CqToAJM61mQ0Yaljw4CvmSjqtjYFrawO+EnsTkzmi:lj9MrQ0PvCvmFN6O+EnsLi
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-