Extracted

• • Target

    80ded254e29d5a936337b1a8c89f5a0f_JaffaCakes118

  • Size

    2.6MB

  • MD5

    80ded254e29d5a936337b1a8c89f5a0f

  • SHA1

    370c3b043d4b5acd08ef3586f194220a6b6c67ee

  • SHA256

    08693f9818f25f0af5cee7397ec07b974451ebcc40e58f7f86efaf652f02c05a

  • SHA512

    46b519fa3c9e822347e6af41b75196a81472a3e364c736ee912e0a5450dc650c1df76c7ec89ee3f0cf16f7e604cde1ecd8056b2ad74adbc1c3d75e91e04ef78d

  • SSDEEP

    49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrly:86SIROiFJiwp0xlrly

  Score

  10^/10

  ponyevasionpersistenceratspywarestealer

  • Modifies WinLogon for persistence

    persistence

  • Modifies visiblity of hidden/system files in Explorer

    evasion

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Modifies Installed Components in the registry

    persistence

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2