Extracted

• • Target

    d7f8954ed02fa4cbdeef54db4198d4d9_JaffaCakes118

  • Size

    128KB

  • MD5

    d7f8954ed02fa4cbdeef54db4198d4d9

  • SHA1

    c907dd7bdb83f4417c9d6d3446b2c589c1451d5b

  • SHA256

    867d62ea7dced10954f1b25ebc8342db4876d797ef8ed287f07c9039be98fb72

  • SHA512

    1504ff70633b5c608bc1ecb4759fd686706ec96bd6403b1ba131437d6f14fd125df8f37146fb0ec66fe2b55af5c8ce75369006503354e93acbf7aa499690d3f7

  • SSDEEP

    3072:GA+hKux9p+gUc0oZDreVKH+2SFAvJW+81k1ImvRMCpJNg:GxJx9ppU4DreVFGJB8GvRMCrC

  Score

  10^/10

  discoveryupxponycollectioncredential_accessratspywarestealer

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2