General
-
Target
JaffaCakes118_2da07c3d0ae82acc4a40f7ba8ca2dbd1
-
Size
159KB
-
Sample
250113-x241asvjhw
-
MD5
2da07c3d0ae82acc4a40f7ba8ca2dbd1
-
SHA1
bc9a8fcf2666eb399bc3b6d1f932fdf0307b1c3b
-
SHA256
8e48b52fcaa472b2e7c19c2be55ff8519b8f18cf34c3e2b2576b572732e44a76
-
SHA512
0325018cde9bf1c5db41432cc10733b42c305d0cac6725b96d3ac59737858e809c700852ebcbfe0c335da1ce572694709489e7c45cabdbbf659f7fc7180f82fe
-
SSDEEP
3072:aKSlenvyjGYv5C1TIXcWhI1Hlpct1YmauNKZVi:IcvKv5CScWi1HuuuNKZw
Malware Config
Extracted
pony
http://ser.mydogsitter.com/forum/viewtopic.php
http://bigbroshark.com/forum/viewtopic.php
-
payload_url
http://atualizacoes.issqn.net/6PrbAL.exe
http://www.activities2go.com/ymZ86.exe
Targets
-
-
Target
JaffaCakes118_2da07c3d0ae82acc4a40f7ba8ca2dbd1
-
Size
159KB
-
MD5
2da07c3d0ae82acc4a40f7ba8ca2dbd1
-
SHA1
bc9a8fcf2666eb399bc3b6d1f932fdf0307b1c3b
-
SHA256
8e48b52fcaa472b2e7c19c2be55ff8519b8f18cf34c3e2b2576b572732e44a76
-
SHA512
0325018cde9bf1c5db41432cc10733b42c305d0cac6725b96d3ac59737858e809c700852ebcbfe0c335da1ce572694709489e7c45cabdbbf659f7fc7180f82fe
-
SSDEEP
3072:aKSlenvyjGYv5C1TIXcWhI1Hlpct1YmauNKZVi:IcvKv5CScWi1HuuuNKZw
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-