Extracted

• • Target

    7e9dc22a030b8f4986725f5d99edf044_JaffaCakes118

  • Size

    2.6MB

  • MD5

    7e9dc22a030b8f4986725f5d99edf044

  • SHA1

    499f50c585d0a40b1e7669a7fa8d2391389eca7b

  • SHA256

    cd93bfd1de8e8478b1229f804a8baccfd53ed3f1cc7ee087d87ed6c598294b09

  • SHA512

    26e9800c00f19238c6b0a3b5ea0d91d46092c47a11b5a034e7e4abbc775751a1ba35c31c1d847daddd8f1d2dce6369adcdc89ce02c96a6b893ee5c333195a197

  • SSDEEP

    49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlh:86SIROiFJiwp0xlrlh

  Score

  10^/10

  ponyevasionpersistenceratspywarestealer

  • Modifies WinLogon for persistence

    persistence

  • Modifies visiblity of hidden/system files in Explorer

    evasion

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Modifies Installed Components in the registry

    persistence

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2