Extracted

• • Target

    adcf6bfc5df67cdfeac991a2613f051f_JaffaCakes118

  • Size

    2.2MB

  • MD5

    adcf6bfc5df67cdfeac991a2613f051f

  • SHA1

    c331456ac7fdb2db1cdfe34237114fb635dd3296

  • SHA256

    1c21810faa3b87a5bd1dc27902e99697c1a47c7e2369fea067fd1968b5ee5062

  • SHA512

    12eceab52be39937762c7a2ac30c7da530fc3d54779d30722bdce5a3f8eca9b3638a2a0fa642768781423f5347e1169cfff61472aa1020ee0439db057881c549

  • SSDEEP

    24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZp:0UzeyQMS4DqodCnoe+iitjWwwN

  Score

  10^/10

  ponyevasionpersistenceratspywarestealer

  • Modifies WinLogon for persistence

    persistence

  • Modifies visiblity of hidden/system files in Explorer

    evasion

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Modifies Installed Components in the registry

    persistence

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2