General
-
Target
JaffaCakes118_5ff6f3956e77d120aa61978d36b668da
-
Size
93KB
-
Sample
250115-x84ywasmey
-
MD5
5ff6f3956e77d120aa61978d36b668da
-
SHA1
2cda1be73d27276883824d4f97caca13a9437dd4
-
SHA256
1256c3d7d875438b890556a5be36f9ea406d12afa187b72904432c7734b550ad
-
SHA512
8e701ed0e3a3dd964e59b7ed5e81890040a3b36a14beb2d9255eeaaa83c96241ea95d35922b17d3e875fd5886d4fd4bcff34b5b78639c20ca50fd9652c9e2da3
-
SSDEEP
1536:pUFGlZuvKcQ3ISmH9mMXpU2b1ILbufAPDarqjKx51WyzQEn6DP9Z54IfBmhGlNWa:6mDIn9hp3qLSYPDAz7WSn6D1b4IfAhBa
Malware Config
Targets
-
-
Target
JaffaCakes118_5ff6f3956e77d120aa61978d36b668da
-
Size
93KB
-
MD5
5ff6f3956e77d120aa61978d36b668da
-
SHA1
2cda1be73d27276883824d4f97caca13a9437dd4
-
SHA256
1256c3d7d875438b890556a5be36f9ea406d12afa187b72904432c7734b550ad
-
SHA512
8e701ed0e3a3dd964e59b7ed5e81890040a3b36a14beb2d9255eeaaa83c96241ea95d35922b17d3e875fd5886d4fd4bcff34b5b78639c20ca50fd9652c9e2da3
-
SSDEEP
1536:pUFGlZuvKcQ3ISmH9mMXpU2b1ILbufAPDarqjKx51WyzQEn6DP9Z54IfBmhGlNWa:6mDIn9hp3qLSYPDAz7WSn6D1b4IfAhBa
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-