General
-
Target
JaffaCakes118_4f810b53373674d53eadf81141732a01
-
Size
93KB
-
Sample
250128-1bdbfasjct
-
MD5
4f810b53373674d53eadf81141732a01
-
SHA1
f947daa3d14cb80b092729a27961c6de1cde9bb1
-
SHA256
444e7637b41eb68d3c287f60a4a6479f419ef0dd83aad8dac582341419e0fe3d
-
SHA512
b381f04c519e7456cbad40bf113e2dcd60fd81b99c4751b833d8e4f8477d95b52aa5fb234e6b2081d4c601f2d1c71ba94d1130b2e726cc9c58fc94da4fd73d4e
-
SSDEEP
1536:kpeyrW0V+0KyKeo/vRMa7otBccIY9PHPdWK3Pbne3jbxI58YXYFuaXcHj4Xs:k8yrW0IbyKDRUtBcK9Pv/3je3jCmuMuC
Malware Config
Targets
-
-
Target
JaffaCakes118_4f810b53373674d53eadf81141732a01
-
Size
93KB
-
MD5
4f810b53373674d53eadf81141732a01
-
SHA1
f947daa3d14cb80b092729a27961c6de1cde9bb1
-
SHA256
444e7637b41eb68d3c287f60a4a6479f419ef0dd83aad8dac582341419e0fe3d
-
SHA512
b381f04c519e7456cbad40bf113e2dcd60fd81b99c4751b833d8e4f8477d95b52aa5fb234e6b2081d4c601f2d1c71ba94d1130b2e726cc9c58fc94da4fd73d4e
-
SSDEEP
1536:kpeyrW0V+0KyKeo/vRMa7otBccIY9PHPdWK3Pbne3jbxI58YXYFuaXcHj4Xs:k8yrW0IbyKDRUtBcK9Pv/3je3jCmuMuC
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-