Extracted

• • Target

    Dhl-Information.pdf.exe

  • Size

    146KB

  • MD5

    0596c354d3bc4a70f76e86ac44e5179e

  • SHA1

    de5db12f41c299116aeaf27d1d6b66c1649d3890

  • SHA256

    b152f74631608d6c84e7b406121c19d0b4e75993e11ee8e2bddbacfa7942f639

  • SHA512

    424ce957cb7631d632ce5f1cb806f9a67a78f8e43f856b321c1f08270148fc92edf921f59fd58e6c3ee999619fef46c2612e8768ace0dbd422abc804fd15626d

  • SSDEEP

    3072:Ws7dFzS0qcFuKAfCw7ntjPGy/gud9T7Pxgvk4C21sr7c85GKdMkvtFx0iuFRQWHK:Ws7dFzS0I9Kej+r69GvXCei7qTTiuaW

  Score

  10^/10

  ponycollectionratspywarestealer

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2