Extracted

• • Target

    ab44967a87b99eaa15fa71940db9a2ba_JaffaCakes118

  • Size

    2.6MB

  • MD5

    ab44967a87b99eaa15fa71940db9a2ba

  • SHA1

    34040e5693947a90b03186ec49b5f5398e234e52

  • SHA256

    aa861880f6e18f2682b1647ebe54fc51cd62c689fd443e0803fd969b465a2235

  • SHA512

    7618192d7a84eab0992988210ce22f26f0d7761edb76fe423d555a7b966149ec6b162c5838c5166fd59d7fdeb1f42b74c472b16ce2dc338cdc9f89c169601e71

  • SSDEEP

    49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlH:86SIROiFJiwp0xlrlH

  Score

  10^/10

  ponyevasionpersistenceratspywarestealer

  • Modifies WinLogon for persistence

    persistence

  • Modifies visiblity of hidden/system files in Explorer

    evasion

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Modifies Installed Components in the registry

    persistence

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2