Extracted

• • Target

    b5d4330129d989156cb6df8fc.exe

  • Size

    702KB

  • MD5

    b85a427b9c8d95d8d7387ca53abc45f0

  • SHA1

    f2653fe0c33d2704647c30e1ffe285c67ecd6e66

  • SHA256

    b5d4330129d989156cb6df8fc9a95e1a45c4d57b8852cf5f720c80a0a6a4935f

  • SHA512

    da053213da2b5e19788ee7a46cb3256482d965dc8523e3ffd757ea182482e57390a9922cb78f5a05defd2b1e3e0e7fb90a465818763351a7898f1a50ec3a45ff

  • SSDEEP

    12288:RquErHF6xC9D6DmR1J98w4oknqOKw59XxYRcjnn+ClOq60XDv8OOTHiBHi:Url6kD68JmloO5TYI1lOq6sb8hTHAi

  Score

  10^/10

  ponycollectiondiscoveryratspywarestealerupx

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2