General
-
Target
JaffaCakes118_4442f9186ad986fde18303bd7d10d363
-
Size
159KB
-
Sample
250127-2ekelaykgl
-
MD5
4442f9186ad986fde18303bd7d10d363
-
SHA1
4302450ab41ef26374908f2d01ae8da0ebb50ad8
-
SHA256
25bece4245582edf770b203b100d90ebe5888de026c4852ad3e5f293e6a1e5a6
-
SHA512
fe541a1993e80b2453e95998b8eabc30d89311ac33d3a66d847f4653471cd078ca11bf3bfd4a41748dac067282871e9dda5bf9191b502a3bd69c8b9636bb7b7d
-
SSDEEP
3072:p4W2hYZVSmFm7TfRCcdXHwjNIO2BQuKZzBw26B:Q+VrzcNHeIr41wF
Malware Config
Extracted
pony
http://akamaifilms.com:81/pony/gate.php
http://alliedtitanium.com:81/pony/gate.php
-
payload_url
http://metearici.com.tr/e7S8kmm.exe
http://dermografite.com.br/CUiE5VBZ.exe
http://bezproblemov.sk/p2c.exe
Targets
-
-
Target
JaffaCakes118_4442f9186ad986fde18303bd7d10d363
-
Size
159KB
-
MD5
4442f9186ad986fde18303bd7d10d363
-
SHA1
4302450ab41ef26374908f2d01ae8da0ebb50ad8
-
SHA256
25bece4245582edf770b203b100d90ebe5888de026c4852ad3e5f293e6a1e5a6
-
SHA512
fe541a1993e80b2453e95998b8eabc30d89311ac33d3a66d847f4653471cd078ca11bf3bfd4a41748dac067282871e9dda5bf9191b502a3bd69c8b9636bb7b7d
-
SSDEEP
3072:p4W2hYZVSmFm7TfRCcdXHwjNIO2BQuKZzBw26B:Q+VrzcNHeIr41wF
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-