Extracted

• • Target

    2c22c1c47874d00c21bbf12cc7554b0c6dc283d72112b59b000deec0d0c5c1f9

  • Size

    698KB

  • MD5

    6210461d248282d27a8aa1df51680cc0

  • SHA1

    f2ebd2954003481d2d05a30d818cf0540d83ef85

  • SHA256

    2c22c1c47874d00c21bbf12cc7554b0c6dc283d72112b59b000deec0d0c5c1f9

  • SHA512

    b0f0cf614944b71ea27a7c732cbb95391ea4f33a7cf0a4d627d762ba1ab2b2fe843c82baf4eaa42a9b74fb6b1c1f4f1b91cfdd622d4fa352c1f4275a5a2a1f8f

  • SSDEEP

    3072:Aa+63zUk8WkIq3ttKiCV3VFL9e1+4lErHRjhtsUTN0Psc/ZnWybM8K:4b7eUErHRFt3Ks+Zy

  Score

  10^/10

  ponycollectiondiscoveryratspywarestealer

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2