Extracted

• • Target

    c9e35c5df9b879d5b916b68e6682f218_JaffaCakes118

  • Size

    90KB

  • MD5

    c9e35c5df9b879d5b916b68e6682f218

  • SHA1

    011eedefca1d8790a6b6eda086f304b67a156b79

  • SHA256

    894e7bd73a4025cbfa00ad39830fe034b66093fe6075d74f5e1d0b7037cdbe22

  • SHA512

    336c6dc496aaf94ebe9c58542a3072d171bc767cce68e4b87365a8555d770eaa3fd0336f8cf29cc486c6d11d181f6d8336a0e0c0994807cc8a119512d8f493a5

  • SSDEEP

    1536:oMC3vD4+BqTD9VdyXMyei9sALiZDg8kpK6sO1mLDJTvMEIvskzmzb:VC3U+lX4i9na75OsWEI4zb

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealer

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2