Extracted

• • Target

    a8555c03211c8d8358a4b5289b614ce1_JaffaCakes118

  • Size

    2.2MB

  • MD5

    a8555c03211c8d8358a4b5289b614ce1

  • SHA1

    4fc22538512b8a89a4034b9ac0b104ca1bf346ec

  • SHA256

    ffbe4e4eb172078d99fdeeb5d82f1313d0dd5fdf613ca9b0eb00d82078ee673f

  • SHA512

    3582bd6fa09731a37a75b9e5c974f0e5a0f839df0e75ac13975064c8ef5b2f100ee6630b95ca26b8ad9602cd5deb26ba09c454717f8643ed54381ee7477f0b4c

  • SSDEEP

    24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZa:0UzeyQMS4DqodCnoe+iitjWwwG

  Score

  10^/10

  ponyevasionpersistenceratspywarestealer

  • Modifies WinLogon for persistence

    persistence

  • Modifies visiblity of hidden/system files in Explorer

    evasion

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Modifies Installed Components in the registry

    persistence

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2