Extracted

• • Target

    59493695d80f5530ed1c197ea836d3dbJaffaCakes118

  • Size

    161KB

  • MD5

    59493695d80f5530ed1c197ea836d3db

  • SHA1

    60efde08501ff3cbeb8f3ac8914d7a1e9502a8bc

  • SHA256

    1d7bc20321433b66baaa9e8ad78ff3e11a9e8814775dbcaec89fcac1f253035a

  • SHA512

    5057645e78c70dfcbc6b8872a51f7e0323255bc6c000b56d9d51fded746387dd6dd134bd18f4d1c30d3595fa146d251b40185db76f4a1b16a3b65e300207c24f

  • SSDEEP

    3072:cTLZhs0uDI0rAfOXl+y+uql/GOtsrVrqhTqndtndhndKndI:cTLFuD6fOXlql/GLJrqqndtndhndKndI

  Score

  10^/10

  ponycollectiondiscoveryratspywarestealervmprotect

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • VMProtect packed file

    Detects executables packed with VMProtect commercial packer.

    vmprotect

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2