General
-
Target
JaffaCakes118_5a67b670a531a4153de953e468117b10
-
Size
372KB
-
Sample
250101-sxnqassrcn
-
MD5
5a67b670a531a4153de953e468117b10
-
SHA1
654fc09ed5d1c433e36f47ecb2f0aea790341357
-
SHA256
514fe9326d8165db0811ec21beb338de7b626dde5d40fbe8e00df7148737d6ed
-
SHA512
6f378d4d28fda04e25c6042a7c7f0cb37ac9bd5b2b05f6e9e2aecbc4cc5ec2666ccb108f0a9b95cad396faf1a3000828aa0c887bcf1ac68768eda277215bd09e
-
SSDEEP
6144:HKQYA830FqoJdJeAikJZvkMeYhTRwbOx:H78304WeAl+YWq
Malware Config
Extracted
pony
http://embroidery-export.com/cgi-bin/1/gate.php
Targets
-
-
Target
JaffaCakes118_5a67b670a531a4153de953e468117b10
-
Size
372KB
-
MD5
5a67b670a531a4153de953e468117b10
-
SHA1
654fc09ed5d1c433e36f47ecb2f0aea790341357
-
SHA256
514fe9326d8165db0811ec21beb338de7b626dde5d40fbe8e00df7148737d6ed
-
SHA512
6f378d4d28fda04e25c6042a7c7f0cb37ac9bd5b2b05f6e9e2aecbc4cc5ec2666ccb108f0a9b95cad396faf1a3000828aa0c887bcf1ac68768eda277215bd09e
-
SSDEEP
6144:HKQYA830FqoJdJeAikJZvkMeYhTRwbOx:H78304WeAl+YWq
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-