Extracted

• • Target

    a2ed99114ea4889a7a464bb751af5bf0_JaffaCakes118

  • Size

    2.2MB

  • MD5

    a2ed99114ea4889a7a464bb751af5bf0

  • SHA1

    ead6263b94a306ed340551d2dcdb1d2c8ff4b40a

  • SHA256

    67ec5065d1467386a089325085c6dbd62d2de09a1ea371e665f8eddda39dfdcf

  • SHA512

    e431e3ddabca52828b746ade569ac5c30a3030fe679523eaf81b3d8e7459ded4ffe8681f60adb70cb89e7fefb1d1af727f6ef3b2170515c74f970002b33b8aa6

  • SSDEEP

    24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZA:0UzeyQMS4DqodCnoe+iitjWww8

  Score

  10^/10

  ponyevasionpersistenceratspywarestealer

  • Modifies WinLogon for persistence

    persistence

  • Modifies visiblity of hidden/system files in Explorer

    evasion

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Modifies Installed Components in the registry

    persistence

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2