Extracted

• • Target

    60e6eab34be118b79a4a43a187fc4f7b_JaffaCakes118

  • Size

    113KB

  • MD5

    60e6eab34be118b79a4a43a187fc4f7b

  • SHA1

    13f50a7fd35fa3ac6ca4489e0d25d5527d0b6e84

  • SHA256

    4e289b44fb5e6e6cab138851090585edb814543e1d5b00a62698d131e19a4dda

  • SHA512

    f39e9df35f1cbb14453b8c86de6328a2a262443bd49e982cfa9e9524aed5d22da9024c617115ce20ce1ea6a2d951a91d3475d7acd7c4633b3154e45cdf0f5c9a

  • SSDEEP

    3072:kTY7VKneohSGZIliR+z4tQPQ6mo4mIMAKo:sgVHodIER+u7MAKo

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealer

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2