Extracted

• • Target

    5c62a0588b40a177af811d0cb852bdefJaffaCakes118_NeikiAnalytics

  • Size

    2.2MB

  • MD5

    5c62a0588b40a177af811d0cb852bdef

  • SHA1

    7074f7df784813225a5ea9bb0c853a015b3515b5

  • SHA256

    7fa24f8efba8f60408e6ab9a1b2c314a0eecd654f93df7dbf944a394a81a37ed

  • SHA512

    03a7aaaa62d7a575b7056ea54330c4e5d650eab8b68139a818c1272039143f56fa6c0aec350f03c87cd7bb5e9848a1bc4c45a054f725d304601549ad2e2d0042

  • SSDEEP

    24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZ/:0UzeyQMS4DqodCnoe+iitjWwwD

  Score

  10^/10

  ponyevasionpersistenceratspywarestealer

  • Modifies WinLogon for persistence

    persistence

  • Modifies visiblity of hidden/system files in Explorer

    evasion

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Modifies Installed Components in the registry

    persistence

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2