General
-
Target
2a6dc339c265f53cb657c75ae2500456_JaffaCakes118
-
Size
196KB
-
Sample
240708-bc823axbpg
-
MD5
2a6dc339c265f53cb657c75ae2500456
-
SHA1
93d9d147c0834cbb8101ace8648b14f1292340d8
-
SHA256
ac8efbeeb7cb136d3bcc79dd75370091f24fb6b1f40ac8d19d194ac8e5c38ad4
-
SHA512
ff9164cd07a5a2132c6c1b096b5549634aa8eb124a2d592df7f6b879f80063332788f47f2b5f2f182f50ab4fbb4d73d8d841ea3b3be2fe3009f799fc07d72a03
-
SSDEEP
3072:Ep3Q112etuWcuV9RsglikUjF5aqHaG1kKU:j1FwaRDitdHXW
Malware Config
Extracted
pony
http://etsiunjour.fr:81/pony/gate.php
http://66.175.211.129/pony/gate.php
-
payload_url
http://www.sarzz.com/04FBXY.exe
http://dermografite.com.br/CUiE5VBZ.exe
http://bezproblemov.sk/p2c.exe
Targets
-
-
Target
2a6dc339c265f53cb657c75ae2500456_JaffaCakes118
-
Size
196KB
-
MD5
2a6dc339c265f53cb657c75ae2500456
-
SHA1
93d9d147c0834cbb8101ace8648b14f1292340d8
-
SHA256
ac8efbeeb7cb136d3bcc79dd75370091f24fb6b1f40ac8d19d194ac8e5c38ad4
-
SHA512
ff9164cd07a5a2132c6c1b096b5549634aa8eb124a2d592df7f6b879f80063332788f47f2b5f2f182f50ab4fbb4d73d8d841ea3b3be2fe3009f799fc07d72a03
-
SSDEEP
3072:Ep3Q112etuWcuV9RsglikUjF5aqHaG1kKU:j1FwaRDitdHXW
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-