General
-
Target
JaffaCakes118_69c103750fdb652b6dbab5cce3f890e0
-
Size
128KB
-
Sample
250103-c8qe9swmfv
-
MD5
69c103750fdb652b6dbab5cce3f890e0
-
SHA1
3be1d5dd6a4c40684ab3c2aac1910bf41ffffd0c
-
SHA256
face9ed60ce2b5ea083157a7b0b693c576cd243d83556965874a5e349dac8619
-
SHA512
1fd95c6ee1b265e1e30221634d49a900ac1f71a954f89e2974994241f3264b2a617c05d93a476f9e7512a13322813614def56937829a19bcbf64659a79f10332
-
SSDEEP
3072:Xq+hXDVNHwTKU7PUROt/qYcNs2F+I1GxEpHRKVUOKStb2:6N7cROt/fcGNydRKVU+t
Malware Config
Extracted
pony
http://mail.yaklasim.com:8080/forum/viewtopic.php
http://andlettherebelight.com/forum/viewtopic.php
http://firepointmedia.net/forum/viewtopic.php
http://graphicspecialistsgroup.com/forum/viewtopic.php
-
payload_url
http://bartenderreview.com/VGJ5jE7i.exe
http://applehospital.com/nHuGh31.exe
http://scambio.meloni.it/di7Uag.exe
Targets
-
-
Target
JaffaCakes118_69c103750fdb652b6dbab5cce3f890e0
-
Size
128KB
-
MD5
69c103750fdb652b6dbab5cce3f890e0
-
SHA1
3be1d5dd6a4c40684ab3c2aac1910bf41ffffd0c
-
SHA256
face9ed60ce2b5ea083157a7b0b693c576cd243d83556965874a5e349dac8619
-
SHA512
1fd95c6ee1b265e1e30221634d49a900ac1f71a954f89e2974994241f3264b2a617c05d93a476f9e7512a13322813614def56937829a19bcbf64659a79f10332
-
SSDEEP
3072:Xq+hXDVNHwTKU7PUROt/qYcNs2F+I1GxEpHRKVUOKStb2:6N7cROt/fcGNydRKVU+t
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-