Extracted

• • Target

    7024cd7760aa8da38a552b3d97622a7b_JaffaCakes118

  • Size

    188KB

  • MD5

    7024cd7760aa8da38a552b3d97622a7b

  • SHA1

    0c3e138195aef602e17da6f67cf5decb4515d98d

  • SHA256

    4435883af4eccec366e66e36c1cb5ddb880e61e0a777aae4304d470f22ff784a

  • SHA512

    655e7ab89b2ff5030e890c344a7d76d9abad3c1d572d182e2a4070afed8e40a899df0d8c2516f22d06510a09e590b9a319620b5125bdfa1dab541cab3cb1219c

  • SSDEEP

    3072:gRMgCnLqrIKcxoj5QLa+l/a89VfVPbgjjatE1AeuLnoIH30T5:gOBOrIKx5aFl/a8nNzgjjMEmVLoIW

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealer

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2