Extracted

• • Target

    ab19c4a06c8b2bf7f5c9284a2be652a4_JaffaCakes118

  • Size

    2.6MB

  • MD5

    ab19c4a06c8b2bf7f5c9284a2be652a4

  • SHA1

    436e60116c0bc7b75cb31b0fb782178f3e2aaf50

  • SHA256

    6f57e5066cc57098ef18b76787f2d42b496545a231bd86c863d1e7e3c969dad8

  • SHA512

    fbc528c7a6921c39194870b8018fcc025b11fe83b375a0988c7664d820ed28f5b1a5e35741b0e9aa86dba2de3e584976d3fc9de01ecf530c4ca3a0f6d68936c1

  • SSDEEP

    49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrls:86SIROiFJiwp0xlrls

  Score

  10^/10

  ponyevasionpersistenceratspywarestealer

  • Modifies WinLogon for persistence

    persistence

  • Modifies visiblity of hidden/system files in Explorer

    evasion

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Modifies Installed Components in the registry

    persistence

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2