General
-
Target
JaffaCakes118_462c6a01e22908c84c555a58e966cab5
-
Size
178KB
-
Sample
250114-1nt5qa1khx
-
MD5
462c6a01e22908c84c555a58e966cab5
-
SHA1
0952a1b6fc79fd0a1863aea43323d0c91421d006
-
SHA256
db25b9a4b6c29cfdaf9cba767cc475d65f35f8a8185f8c7dd8e52b083107c477
-
SHA512
eb637b614dc1b5fb4b60259dbf026da38df234f8d915ef063688ad23b697f1bf26ef79bb60b98f3bc31e14277e179c9d5da3f823153aad2ee897d886ce1d66e4
-
SSDEEP
3072:Z7Ok9KPvGP79rbtTocTvni1DR6ZwQX691YR6Sd5bbLZX:X9KHGdbtTzbi1DRyH6nObbL9
Malware Config
Extracted
pony
http://skodadiseltunning.org/forum/viewtopic.php
http://skodaturbovrx.org/forum/viewtopic.php
-
payload_url
http://atualizacoes.issqn.net/6PrbAL.exe
http://85.18.21.252/PNV3Hbi.exe
Targets
-
-
Target
JaffaCakes118_462c6a01e22908c84c555a58e966cab5
-
Size
178KB
-
MD5
462c6a01e22908c84c555a58e966cab5
-
SHA1
0952a1b6fc79fd0a1863aea43323d0c91421d006
-
SHA256
db25b9a4b6c29cfdaf9cba767cc475d65f35f8a8185f8c7dd8e52b083107c477
-
SHA512
eb637b614dc1b5fb4b60259dbf026da38df234f8d915ef063688ad23b697f1bf26ef79bb60b98f3bc31e14277e179c9d5da3f823153aad2ee897d886ce1d66e4
-
SSDEEP
3072:Z7Ok9KPvGP79rbtTocTvni1DR6ZwQX691YR6Sd5bbLZX:X9KHGdbtTzbi1DRyH6nObbL9
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-