Extracted

• • Target

    43194060544b66dde7dbfc46ce175545_JaffaCakes118

  • Size

    2.6MB

  • MD5

    43194060544b66dde7dbfc46ce175545

  • SHA1

    cdb06a921efc08c03e8c331bb1480f57621ebb95

  • SHA256

    2bca43e6322a1b2ac0d889cd3ad2de2a730bae67f26ff7296f37b79869702250

  • SHA512

    0ca5290a535d8e3c6368f1a43422ed6fc82735adefe5884de6bdda52bc800d16d4c8d2559f72412f0256388e379f3f2033c04527f14ffcb02beb4d591be92715

  • SSDEEP

    49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlT:86SIROiFJiwp0xlrlT

  Score

  10^/10

  ponyevasionpersistenceratspywarestealer

  • Modifies WinLogon for persistence

    persistence

  • Modifies visiblity of hidden/system files in Explorer

    evasion

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Modifies Installed Components in the registry

    persistence

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2