Extracted

• • Target

    acaf043b3edb7cf55fa3982e18a24883_JaffaCakes118

  • Size

    2.2MB

  • MD5

    acaf043b3edb7cf55fa3982e18a24883

  • SHA1

    4210c7bcf095d993978bc406e0041eac85444f99

  • SHA256

    7587c7223914127a7701bf672b93127a1f4e428e0d1cbdde13cba3bda43d2b44

  • SHA512

    0956b05409b4332d806f10df50403187037292e05a4ae190be98f061d1d7f6a6429f63cc4a4ab35ab6a8e042a54abaf69498ac8b3e0f96c26b66a94b5f2d5b7c

  • SSDEEP

    24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZp:0UzeyQMS4DqodCnoe+iitjWww9

  Score

  10^/10

  ponyevasionpersistenceratspywarestealer

  • Modifies WinLogon for persistence

    persistence

  • Modifies visiblity of hidden/system files in Explorer

    evasion

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Modifies Installed Components in the registry

    persistence

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2