General
-
Target
JaffaCakes118_dace2f14d1d67de004dae1cb4e0dd9f4
-
Size
93KB
-
Sample
250120-d4wl6ayrbv
-
MD5
dace2f14d1d67de004dae1cb4e0dd9f4
-
SHA1
3ce52f25d5450ed8df202180d3cc6464d5340ea7
-
SHA256
2ab015e770a513522298bde623ffeddc4b90d9efe9424b8053cfa2f3ffe7a53f
-
SHA512
a0d9bba63596cfcddefbcc0d59f20d67ea035831b74316b7fe9d113e263c88b74fe162d1ec0712a15fcb0dfb635fab7cd247290ad812a464491155543353cf24
-
SSDEEP
1536:eWVVGyDtIIBoCO0Vb9KaQudotQ1tdl3x3qB1pvfSeYBidDq2o2vK+kY3TilCXfjz:hltIm00ZwaQg1zdxovfS7QdDgWKM32Mv
Malware Config
Targets
-
-
Target
JaffaCakes118_dace2f14d1d67de004dae1cb4e0dd9f4
-
Size
93KB
-
MD5
dace2f14d1d67de004dae1cb4e0dd9f4
-
SHA1
3ce52f25d5450ed8df202180d3cc6464d5340ea7
-
SHA256
2ab015e770a513522298bde623ffeddc4b90d9efe9424b8053cfa2f3ffe7a53f
-
SHA512
a0d9bba63596cfcddefbcc0d59f20d67ea035831b74316b7fe9d113e263c88b74fe162d1ec0712a15fcb0dfb635fab7cd247290ad812a464491155543353cf24
-
SSDEEP
1536:eWVVGyDtIIBoCO0Vb9KaQudotQ1tdl3x3qB1pvfSeYBidDq2o2vK+kY3TilCXfjz:hltIm00ZwaQg1zdxovfS7QdDgWKM32Mv
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-