Extracted

• • Target

    7d48788255b2d00b291ebe56833a1778_JaffaCakes118

  • Size

    34KB

  • MD5

    7d48788255b2d00b291ebe56833a1778

  • SHA1

    35e156ffffcd9b2be8bff9c8ea96f12c6da6af96

  • SHA256

    a1d21de5c2a0cea04c4369ff98d30b3ebdd46f070e4f324e44a2cbdb7151192d

  • SHA512

    ac9ad41fe905ba0db188f1e1adf7708379fc200d23628701e2bee404abad6fa7e34e4cd7fc075c805f92d6aa7ce8a881b9341f265acce4e71a17fb504028edb2

  • SSDEEP

    768:1oxLUQIjTOqmIHXNCJgfyB6o4L7q8ls42aFXRJnfsj7saF1:+xLtEX+B6oCq8C42aFh1f8h1

  Score

  10^/10

  ponycollectiondiscoveryratspywarestealerupx

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2