Extracted

• • Target

    9c6e9b293c8c46e465709289ac4186f25d1a8b9480cc0af07ac4ec820d7ae0f1

  • Size

    88KB

  • MD5

    088136298a519015abd1def0dbf78247

  • SHA1

    48a62ea37113306701381b69b61397ca9ae10580

  • SHA256

    9c6e9b293c8c46e465709289ac4186f25d1a8b9480cc0af07ac4ec820d7ae0f1

  • SHA512

    5f6193c8e2b82e5004ccb98d580740612ba58bb8b832ca737144f3e7fca14dd879ef13af1631283af08d449ba6e587463f7fabac9052a5fadbdca98f8ea44fb1

  • SSDEEP

    1536:sejtre+llJKZO8urXQZsk/YKqgXDaznKIZkI9VGSjWoxnouy8ScGIE+aBv:3jJ5l58dsaDaLKIZ79VGSnoutKuOv

  Score

  10^/10

  ponycollectiondiscoveryratspywarestealerupx

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2