General
-
Target
232ef76267d35a3a9fce1b6f4bb2c9e5_JaffaCakes118
-
Size
107KB
-
Sample
240703-vydmtszdpr
-
MD5
232ef76267d35a3a9fce1b6f4bb2c9e5
-
SHA1
349be6a6412d3e8bf7e7b37400e592292bf17833
-
SHA256
0918912a0ec227a3a417278a3bf80c8687fddb8f6128c8a5742969a5eb8265ee
-
SHA512
4160043d230a8f4acb313556d9e14fd96194360797010fbfebfd297d290d213675c3146c53002d5ac0ab68fdb5cd6a6932fa5888df129ab82cdb3b963f863612
-
SSDEEP
3072:BwZU77g7CHJYC+J+ld80KC7dDXOxYVBHtG2jYYnBKs1B:c6ggT+J+Pl7p/HBdnZ
Malware Config
Extracted
pony
http://91.121.84.204:8080/pony/gate.php
http://91.121.93.178:8080/pony/gate.php
-
payload_url
http://89.200.200.24/9KPYQZPZ/2i1Z.exe
Targets
-
-
Target
232ef76267d35a3a9fce1b6f4bb2c9e5_JaffaCakes118
-
Size
107KB
-
MD5
232ef76267d35a3a9fce1b6f4bb2c9e5
-
SHA1
349be6a6412d3e8bf7e7b37400e592292bf17833
-
SHA256
0918912a0ec227a3a417278a3bf80c8687fddb8f6128c8a5742969a5eb8265ee
-
SHA512
4160043d230a8f4acb313556d9e14fd96194360797010fbfebfd297d290d213675c3146c53002d5ac0ab68fdb5cd6a6932fa5888df129ab82cdb3b963f863612
-
SSDEEP
3072:BwZU77g7CHJYC+J+ld80KC7dDXOxYVBHtG2jYYnBKs1B:c6ggT+J+Pl7p/HBdnZ
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-