Extracted

• • Target

    86da123f815a33883c7cabb8f36f7d49JaffaCakes118

  • Size

    2.2MB

  • MD5

    86da123f815a33883c7cabb8f36f7d49

  • SHA1

    2bf66d4468e4082fa67ba00b64967f1d400fbfbb

  • SHA256

    3618ec3b823c2e7dae770994864af4ae233fc15885a33ecfe75dbd363a4a26af

  • SHA512

    14246fbbf270ee6ba58c4ba00d581f63b27f71d469149de53a00d6472c290d0e5f6080f421d1bf5266de55e25668714397d00ec963fbbcec514bb57cdbfa1561

  • SSDEEP

    24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZC:0UzeyQMS4DqodCnoe+iitjWwwO

  Score

  10^/10

  ponyevasionpersistenceratspywarestealer

  • Modifies WinLogon for persistence

    persistence

  • Modifies visiblity of hidden/system files in Explorer

    evasion

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Modifies Installed Components in the registry

    persistence

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2