General
-
Target
JaffaCakes118_57ab3d942d919b354d2178f34bbdf767
-
Size
51KB
-
Sample
250129-ra8lhsxrfp
-
MD5
57ab3d942d919b354d2178f34bbdf767
-
SHA1
d099ade81b3b93b4c7d3667271a9f461830703de
-
SHA256
807790ee6d2ae1f7405d36864e609bf01ad67669cafb92ad8b4786767146f916
-
SHA512
10bd92e9e5bb8a2e661070c063076972e38211b3708f2a0f95f16afa1a472eec53aacc03d7b94ab7c0b8565536f765eaf5a2c261456e97e555b6b95f8324818c
-
SSDEEP
768:24v45sWzi5qQ8wsfeR3Zf6e/xiRmE3ViWVjQWMR9uq/HRlLvWZyoWpVOWxWPanXa:i5Zzh3wsfqce8v9Qfuq/noEVOWcanq
Malware Config
Extracted
pony
http://ns8iafosjnfuihkcnidkl.org/pony/gate.php
Targets
-
-
Target
JaffaCakes118_57ab3d942d919b354d2178f34bbdf767
-
Size
51KB
-
MD5
57ab3d942d919b354d2178f34bbdf767
-
SHA1
d099ade81b3b93b4c7d3667271a9f461830703de
-
SHA256
807790ee6d2ae1f7405d36864e609bf01ad67669cafb92ad8b4786767146f916
-
SHA512
10bd92e9e5bb8a2e661070c063076972e38211b3708f2a0f95f16afa1a472eec53aacc03d7b94ab7c0b8565536f765eaf5a2c261456e97e555b6b95f8324818c
-
SSDEEP
768:24v45sWzi5qQ8wsfeR3Zf6e/xiRmE3ViWVjQWMR9uq/HRlLvWZyoWpVOWxWPanXa:i5Zzh3wsfqce8v9Qfuq/noEVOWcanq
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-