Extracted

• • Target

    7912866b72307178fff8fee003bb5d3b_JaffaCakes118

  • Size

    2.6MB

  • MD5

    7912866b72307178fff8fee003bb5d3b

  • SHA1

    dadd7948d8fc385461490181117b8034bbb70521

  • SHA256

    dea95cb0a6191fddfb2c58b1271ea6354c33c6547c2d7f53f994982a8b30bf7b

  • SHA512

    d1cddc43ba5d155d5b006a1c9e4e2f2395328447d6ff17d3b1351ff3226f7b46720e2192c385e0135e253d5a54bda6cb7c4b852b5f77f43a9a08cbbd0156c69c

  • SSDEEP

    49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlL:86SIROiFJiwp0xlrlL

  Score

  10^/10

  ponyevasionpersistenceratspywarestealer

  • Modifies WinLogon for persistence

    persistence

  • Modifies visiblity of hidden/system files in Explorer

    evasion

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Modifies Installed Components in the registry

    persistence

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2