General
-
Target
JaffaCakes118_2ecfeac70efacffcbbd2e2992797703d
-
Size
159KB
-
Sample
250125-xx6nbsymfk
-
MD5
2ecfeac70efacffcbbd2e2992797703d
-
SHA1
aa601f6f0738079768b55bb68aebebfdb5f3a7de
-
SHA256
04b39e43a5145767687e57ef5ed358b688fe34daf2c41494e7fa74a0c3b644d8
-
SHA512
e987e960cdee43f4d0e964ba752da6f50fe1676d884645989ab7095f750355f87101bd8904a339a82c9667e3dfd47b073157ab32d2bfe5a035a9107e7e1835a0
-
SSDEEP
3072:UB9l6vGVCIV4SsW6o1G1N+aq3mbu1YmquNKWVH:mkMV4SMoQ1EDcSWuNKWB
Malware Config
Extracted
pony
http://ser.mycatsitter.net/forum/viewtopic.php
http://ser.mydogsitter.com/forum/viewtopic.php
-
payload_url
http://atualizacoes.issqn.net/6PrbAL.exe
http://www.activities2go.com/ymZ86.exe
Targets
-
-
Target
JaffaCakes118_2ecfeac70efacffcbbd2e2992797703d
-
Size
159KB
-
MD5
2ecfeac70efacffcbbd2e2992797703d
-
SHA1
aa601f6f0738079768b55bb68aebebfdb5f3a7de
-
SHA256
04b39e43a5145767687e57ef5ed358b688fe34daf2c41494e7fa74a0c3b644d8
-
SHA512
e987e960cdee43f4d0e964ba752da6f50fe1676d884645989ab7095f750355f87101bd8904a339a82c9667e3dfd47b073157ab32d2bfe5a035a9107e7e1835a0
-
SSDEEP
3072:UB9l6vGVCIV4SsW6o1G1N+aq3mbu1YmquNKWVH:mkMV4SMoQ1EDcSWuNKWB
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-