Extracted

• • Target

    fareit_66e900538312843862ddf2686ccdd8b8926957d29139a2eaf66f2cef4a33a521_payload1.exe_.exe

  • Size

    479KB

  • MD5

    3f95cd9aaa3e666072aa031bb8e444ab

  • SHA1

    a892e4b7ede93e63cdfc34bfd573843910ac505f

  • SHA256

    e9772b945a731b447725680b8ef8b8252c2bb19931005718a8711ae527d532ba

  • SHA512

    9943d6bd3b97949d906d884a4a36ec812ee3d712c617fa9420445fa90a76703c0d34fdbe1d280fd95551e95342e044cc88eb563241953b140ddd08f4409dfcf7

  • SSDEEP

    1536:TI9NpX5ThqTF4QwPTvUZUzU/r6Jshf1w9oKVBZUOPauTvWkzbkRr/bYRXDr2U:0fB5TfrYUzUj6JsvsyOycor/oX32U

  Score

  10^/10

  ponycollectiondiscoveryratspywarestealer

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2