Extracted

• • Target

    c04a46e308329023f356d2d98289318b68d2a806f0d329487e68ade9cbca3a8b

  • Size

    97KB

  • MD5

    677f436ae024f68cb39943a4e268f360

  • SHA1

    8f2042c8f9d718e9ae925fd5a62c2abaa8c2413a

  • SHA256

    c04a46e308329023f356d2d98289318b68d2a806f0d329487e68ade9cbca3a8b

  • SHA512

    f6853a1f36f525db47b4241abfa7ded8eac42c532e9fdac52468891ef6b329b7c5063fc24c20edc91078c8d8dbe6736bdf3b11035a2f69879235ec3cf31bab85

  • SSDEEP

    1536:7ztJ6brzk6paRMHUOvlea96nN9Pvwjdjuio3wD3l6QQQfIdd:n3qrg6T0OvleaAJIjdjXogD3l/ZfId

  Score

  10^/10

  ponycollectiondiscoveryratspywarestealerupx

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Drops file in Drivers directory

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2