Extracted

• • Target

    a83c27a32619e36f49cc7c3502bd4e43_JaffaCakes118

  • Size

    2.6MB

  • MD5

    a83c27a32619e36f49cc7c3502bd4e43

  • SHA1

    4d24161a848417e26bf4488cd40f02f83ef6cc43

  • SHA256

    93cf920aa2c41def09a76a43d93d6e867c1d7b8152c1bcbe3d6a80aabc577a83

  • SHA512

    c6576c0c0129cf5e8eb3d5f59548fb241b2f1438c86267ca1ccb63a6b3c459062145e9879b334d67548d874311eb0d5a18b096d1bea8b016e26e8e99a3a5dc35

  • SSDEEP

    49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrle:86SIROiFJiwp0xlrle

  Score

  10^/10

  ponyevasionpersistenceratspywarestealer

  • Modifies WinLogon for persistence

    persistence

  • Modifies visiblity of hidden/system files in Explorer

    evasion

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Modifies Installed Components in the registry

    persistence

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2