Extracted

• • Target

    d088a5d6d863ce392960ca3be1f221d0N.exe

  • Size

    129KB

  • MD5

    d088a5d6d863ce392960ca3be1f221d0

  • SHA1

    ed4abeca2ab95865dcb4fe15547e10bb3a8a70f4

  • SHA256

    fb3c8bc0a2e39ae1a0cdcfc039a954c9cb99dc8b6a75b874db37a8042ca74230

  • SHA512

    b6ffce6dad310cf2551640278e02a176732e8f0213dbdccfcf41867ac973626ac89973165a5e1416eb0f18adddba21736d2bf5d73380bba12843c705978ff097

  • SSDEEP

    1536:UUBiFqtXmPmgC9TcvLci0wLOQqOZD03XuCLMw+ucYmOI3JVgRY4ecRmBCaOD9RMi:UOn16mg2TW9vOy+nuq4DVkr3R/jrMf

  Score

  10^/10

  ponydiscoveryratspywarestealercollectioncredential_access

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2