General
Target: JaffaCakes118_949f6b8d2c0865417fc0524309273013
Size: 151KB
Sample: 250117-xjw7qszkfs
MD5: 949f6b8d2c0865417fc0524309273013
SHA1: 1341a6a47cfdd740e1d3e537652ac24c4a78b891
SHA256: d9de28278d0abdefe6ebe52ea392c95a8b32290f609d009b14a7241e47ca9270
SHA512: 67ba8ecdf08c2f4601b229488382694ca954cd2332bc846aacb375463e975431c4f87e334ac21e5d361c5ac42bc9e1cac864f928f5e2964224b5c75f708d5eff
SSDEEP: 3072:Ps67Ti4FF9m3/STVzHKQlj0vKCBLl9D/Ob3qIyH43nHwuw:Ps6Xi4FvisnYC0LjDGGNHGQx
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_949f6b8d2c0865417fc0524309273013.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: JaffaCakes118_949f6b8d2c0865417fc0524309273013.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
pony
http://pit-repair-dock.net/forum/viewtopic.php
http://pit-stop-dock.net/forum/viewtopic.php
payload_url
http://3073.a.hostable.me/Z2U.exe
http://85.18.21.252/PNV3Hbi.exe
Targets
Target: JaffaCakes118_949f6b8d2c0865417fc0524309273013
- Pony family
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Deletes itself
- Unsecured Credentials: Credentials In Files. Steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext