Extracted

• • Target

    e2823b0f877029032af9c40f90dae38d_JaffaCakes118

  • Size

    161KB

  • MD5

    e2823b0f877029032af9c40f90dae38d

  • SHA1

    7c9735f2eb82e687abec78e3cdabac1349eb5694

  • SHA256

    b245039b984ad14010970b88d352c7838e29682592cbb6e0ac202bdea4cf0da7

  • SHA512

    53ea926bf620a6e082c1715137980951090bcbc05e7de5740c4560b203731b936479444663d9c5106ab716b70abccb51a60090b2e203702d2ed4595d7ee6ef9f

  • SSDEEP

    3072:siTLZhs0uDI0rAfOXl+y+uql/GOtsrVrqhTqndtndhndKnd9:HTLFuD6fOXlql/GLJrqqndtndhndKnd9

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealer

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2