General
-
Target
JaffaCakes118_6200987ea141151cc4f5b601cc7de8df
-
Size
93KB
-
Sample
250130-m2k73s1ldm
-
MD5
6200987ea141151cc4f5b601cc7de8df
-
SHA1
bc7f49685c389f4717e80b4c623cfb38852c3801
-
SHA256
39782b2c58f55d8175d8e870a5cbde4e32cb36e19325bcb6877c32d206c9388e
-
SHA512
b88b191bd573ebddd56f89b299bdf98f2ae6cab042c0fd1bef1578adeefc94b97aea68e78948d266f60970b566436d09e7121989ede31d03dcfc2e3829ea647a
-
SSDEEP
1536:vzJcq1Wxsl2s8j0RSzUqnR5jqAOX7vC8p8iOZp0/E7bUXe/jq00TlCUnTlMmPvmc:LDis8s8YRSzFRZoR2Lp0/E710ppTlLsm
Malware Config
Targets
-
-
Target
JaffaCakes118_6200987ea141151cc4f5b601cc7de8df
-
Size
93KB
-
MD5
6200987ea141151cc4f5b601cc7de8df
-
SHA1
bc7f49685c389f4717e80b4c623cfb38852c3801
-
SHA256
39782b2c58f55d8175d8e870a5cbde4e32cb36e19325bcb6877c32d206c9388e
-
SHA512
b88b191bd573ebddd56f89b299bdf98f2ae6cab042c0fd1bef1578adeefc94b97aea68e78948d266f60970b566436d09e7121989ede31d03dcfc2e3829ea647a
-
SSDEEP
1536:vzJcq1Wxsl2s8j0RSzUqnR5jqAOX7vC8p8iOZp0/E7bUXe/jq00TlCUnTlMmPvmc:LDis8s8YRSzFRZoR2Lp0/E710ppTlLsm
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-