Extracted

• • Target

    55dcb1e51022766feb31f0833bae2567ee8b7a9b10b13a1c7cea9f4aea98d752

  • Size

    75KB

  • MD5

    d4f2c4a3a06b05209d9887ef3c0c06cc

  • SHA1

    1377627d287d60a6c05260badf536e15b7c5d56a

  • SHA256

    55dcb1e51022766feb31f0833bae2567ee8b7a9b10b13a1c7cea9f4aea98d752

  • SHA512

    eda44b63925112f8e8b10627416cfbf24d4678d66198bd212d63e111b42eef053d311af26aaff72129c1425dbcc051c32352554122a45e984d4c31065152e0f4

  • SSDEEP

    1536:YFQdnQ89enKec7vuTv5ATXQunp3XEvQRsR70nouy8KaK5+fDitaLGCa4t:Y6dD9D1MvuTXlkvGsR7EoutKaK5+fuYl

  Score

  10^/10

  ponycollectiondiscoveryratspywarestealerupx

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2