Extracted

• • Target

    e6b6af3fa3af6e9f4ae44fce90988389_JaffaCakes118

  • Size

    556KB

  • MD5

    e6b6af3fa3af6e9f4ae44fce90988389

  • SHA1

    bd325fdf83d8c2d37f04163a07d3ec8eea58bba9

  • SHA256

    b2050e70dd2d045b445e372f31e83215291e2128b95461498c91de7d6f82e3af

  • SHA512

    88a68cfac89f56a8f9c680de1de47c51125e7dc266592978a39dd145aec190b33d5d5cf5b437162235351c1cb4a1909d8a1d47fc65d372615a9ed898f3675558

  • SSDEEP

    6144:xIoSRgtpfD2ywM9r6o/AT59zMXd509EdXYH0U5p4:xwCfD2A9mS859YXdKgn3

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealer

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Drops startup file

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2