General
-
Target
JaffaCakes118_2e207f5d18629650822cb14486979504
-
Size
43KB
-
Sample
250125-wb8p5avqhn
-
MD5
2e207f5d18629650822cb14486979504
-
SHA1
4c6b7c239d7b0ffed6ce69b173cbf0818481f38b
-
SHA256
b4d7994455dfaad62c39953235899f34f4390bcc0f6eb2029702423016f5a847
-
SHA512
f459e1e5056e7c9b973acc7ba312f32e1e6edc4ec950eed9e100c75235c7275deb6b10df0b86fd0c768e47334360bfee065ac2dfba1d1ae5abdb4cf8a23ef6b7
-
SSDEEP
768:+O6RlNQNqBE+chxfTPbRdwutsgRxoK25hJqHS9KeKTR6d91X5SybuP0V7ixXlbQ:6RlNQNqBE+chxfTPbRaqsgRxoKgbxKer
Malware Config
Extracted
pony
http://149.255.99.32:8080/forum/viewtopic.php
http://74.91.119.161/forum/viewtopic.php
-
payload_url
http://umbrellasandbeyond.mivamerchant.net/8kvut.exe
http://pacezdisplay.com/jwsWrvv6.exe
http://rozayazilim.com/EWygTv9T.exe
Targets
-
-
Target
JaffaCakes118_2e207f5d18629650822cb14486979504
-
Size
43KB
-
MD5
2e207f5d18629650822cb14486979504
-
SHA1
4c6b7c239d7b0ffed6ce69b173cbf0818481f38b
-
SHA256
b4d7994455dfaad62c39953235899f34f4390bcc0f6eb2029702423016f5a847
-
SHA512
f459e1e5056e7c9b973acc7ba312f32e1e6edc4ec950eed9e100c75235c7275deb6b10df0b86fd0c768e47334360bfee065ac2dfba1d1ae5abdb4cf8a23ef6b7
-
SSDEEP
768:+O6RlNQNqBE+chxfTPbRdwutsgRxoK25hJqHS9KeKTR6d91X5SybuP0V7ixXlbQ:6RlNQNqBE+chxfTPbRaqsgRxoKgbxKer
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-