General
-
Target
JaffaCakes118_a571ba6ec53cbd336f338091cecb5c3a
-
Size
93KB
-
Sample
250118-kxq7eszkbn
-
MD5
a571ba6ec53cbd336f338091cecb5c3a
-
SHA1
514aedd759657e8b5acbe719b780195b315c4a49
-
SHA256
1b28e541dbe2870f91be9b37b1f38afd550b8c84b7c5f665beacfec566cc24bf
-
SHA512
37386f61bac3bb04b20ef7106e81be1f0437208b3d9ab29478282f8caded9e9ec97ca08eec1715fe91b6392b146b145c05a1ce79df5f2015a4aceeccae066c90
-
SSDEEP
1536:l83g7053hOiby/xuDRz1gx6BtaTd+qlW2Sc5tvLeBjhNbSl2hujZdAO:l+NhB+/hlZLMaNLk1g0cAO
Malware Config
Targets
-
-
Target
JaffaCakes118_a571ba6ec53cbd336f338091cecb5c3a
-
Size
93KB
-
MD5
a571ba6ec53cbd336f338091cecb5c3a
-
SHA1
514aedd759657e8b5acbe719b780195b315c4a49
-
SHA256
1b28e541dbe2870f91be9b37b1f38afd550b8c84b7c5f665beacfec566cc24bf
-
SHA512
37386f61bac3bb04b20ef7106e81be1f0437208b3d9ab29478282f8caded9e9ec97ca08eec1715fe91b6392b146b145c05a1ce79df5f2015a4aceeccae066c90
-
SSDEEP
1536:l83g7053hOiby/xuDRz1gx6BtaTd+qlW2Sc5tvLeBjhNbSl2hujZdAO:l+NhB+/hlZLMaNLk1g0cAO
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-