Extracted

• • Target

    96b72cdd50703521a9c7f88dbcb45095_JaffaCakes118

  • Size

    2.2MB

  • MD5

    96b72cdd50703521a9c7f88dbcb45095

  • SHA1

    346afa1ec7e1deb9807c593c107a3b6177a63277

  • SHA256

    7e075b6ce53029d2338b0c8fc521697724d4830593ff232d777cea29589c6854

  • SHA512

    59a327707be1519930e28732718ea6e7c9e818692472bf6fa2b3b2a0d9d442fc681af043a06fd48a13ee261df47947e6ad9d2db493b92b2ee2a5e18189eb36a3

  • SSDEEP

    24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZx:0UzeyQMS4DqodCnoe+iitjWww9

  Score

  10^/10

  ponyevasionpersistenceratspywarestealer

  • Modifies WinLogon for persistence

    persistence

  • Modifies visiblity of hidden/system files in Explorer

    evasion

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Modifies Installed Components in the registry

    persistence

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2