Extracted

• • Target

    1d6fc57ce62abbfcb71dd9316483a0cdaf5d9082dc6f96273b43539b497cebef

  • Size

    80KB

  • MD5

    d4582b66aae86a19924e2bd10fd5fd4d

  • SHA1

    9ee707908459e18786328b7e8d956a147e560570

  • SHA256

    1d6fc57ce62abbfcb71dd9316483a0cdaf5d9082dc6f96273b43539b497cebef

  • SHA512

    98dd2720736ed091bdd40aac71a692709bf749beceedb28e50013b8f66d1fb731e7dd9a123b548d4af33e040b1f66d30a38d73e37e6c09628c7bc343eb0282fe

  • SSDEEP

    1536:gT3R9JoBweQzcKxv7kua1Y1z2QOwH9z4LP6cnh1mcXAnouy8Et2RL:URDoeeVUkuR1z2QOA9z4LP6Qh1nXoouD

  Score

  10^/10

  ponycollectiondiscoveryratspywarestealerupx

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2