General
-
Target
JaffaCakes118_361b104670fac9cf79c51122a662e78c
-
Size
195KB
-
Sample
250126-q8ycrsvjcn
-
MD5
361b104670fac9cf79c51122a662e78c
-
SHA1
a67524446114b37deb0458cb871a844fe5294197
-
SHA256
81d8a69f4ee8a834a9a71a138e5cc1e11bebfc6690256647aea863ce6a76312a
-
SHA512
2c345c02c8139784f0c6be9e9092f2ff391047357305144215650bfc77ea98c9b8e843d0a6e9771ad66c312321e0837eb777e32330a49de8fe658a3b972950ab
-
SSDEEP
3072:r8/nHWY6SjMsK1zzGFxS6jV3RvIxE0YkPAZer:4/SH6R3RvRKUk
Malware Config
Extracted
pony
http://etsiunjour.fr:81/pony/gate.php
http://69.194.194.238/pony/gate.php
-
payload_url
http://download.avmap.it/85qxdKc6/pThNZir.exe
http://tcursos.com.br/HLFohbca/0mwsKDEb.exe
http://advancewebsites.com/mVZtnnSu/DbQip.exe
http://railgrafx.id.au/pRWKeGe8/QBA.exe
Targets
-
-
Target
JaffaCakes118_361b104670fac9cf79c51122a662e78c
-
Size
195KB
-
MD5
361b104670fac9cf79c51122a662e78c
-
SHA1
a67524446114b37deb0458cb871a844fe5294197
-
SHA256
81d8a69f4ee8a834a9a71a138e5cc1e11bebfc6690256647aea863ce6a76312a
-
SHA512
2c345c02c8139784f0c6be9e9092f2ff391047357305144215650bfc77ea98c9b8e843d0a6e9771ad66c312321e0837eb777e32330a49de8fe658a3b972950ab
-
SSDEEP
3072:r8/nHWY6SjMsK1zzGFxS6jV3RvIxE0YkPAZer:4/SH6R3RvRKUk
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-