General
-
Target
JaffaCakes118_98e003468b2b62145ecd30768804fcef
-
Size
92KB
-
Sample
250117-2f384awkap
-
MD5
98e003468b2b62145ecd30768804fcef
-
SHA1
877a8da8b61dcf802249503eb267aa8de1fd5988
-
SHA256
2a4f02edbb0d31e7f176091dafb086e5ee18d7775b75bba8b67257967a952895
-
SHA512
ec5904d4f726c142dab0bfc299fa060b9bac1ade709475b005248e24494af58db03fd1634e257f91ff6450d3051df1c1b96d4b7ca23d1c8f77f4e44c917b554c
-
SSDEEP
1536:g9hG7ZPqr/qqchsxCDI9DtEFc97dTk1geptX07lbgI4B36zDqytFLXHctTODA2gg:g6N47csgDSyFcDTOgevfI+3G/tFzHUTy
Malware Config
Targets
-
-
Target
JaffaCakes118_98e003468b2b62145ecd30768804fcef
-
Size
92KB
-
MD5
98e003468b2b62145ecd30768804fcef
-
SHA1
877a8da8b61dcf802249503eb267aa8de1fd5988
-
SHA256
2a4f02edbb0d31e7f176091dafb086e5ee18d7775b75bba8b67257967a952895
-
SHA512
ec5904d4f726c142dab0bfc299fa060b9bac1ade709475b005248e24494af58db03fd1634e257f91ff6450d3051df1c1b96d4b7ca23d1c8f77f4e44c917b554c
-
SSDEEP
1536:g9hG7ZPqr/qqchsxCDI9DtEFc97dTk1geptX07lbgI4B36zDqytFLXHctTODA2gg:g6N47csgDSyFcDTOgevfI+3G/tFzHUTy
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-