Extracted

• • Target

    1ddd335f3976259b8aa05abae99fff151adf21895cdb5d6ebd7b4776c1ed49ff

  • Size

    58KB

  • MD5

    8a302c9bbeed3c414f4785802e4a1846

  • SHA1

    86b6777074a49169e6a43d435602178a77667600

  • SHA256

    1ddd335f3976259b8aa05abae99fff151adf21895cdb5d6ebd7b4776c1ed49ff

  • SHA512

    ddaec0895626e1dddb8132e5b1c74c5ef010cc37a3632a2a3f08c0563ed5ac7f2b2eeb2fd9be9fb3d184f788798af0806693aad7a542f851ebb8de0054a5407c

  • SSDEEP

    1536:Wn/Mzq+5hRpfvF7I+KQau+VNON2EmGoj7R00u9HUpmNgsNg:A1+LaXNOCXjt1u9HUIaWg

  Score

  10^/10

  ponycollectiondiscoveryratspywarestealerupx

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Drops file in Drivers directory

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2