Extracted

• • Target

    f119ed491c083dafcb8c513cae118bfe_JaffaCakes118

  • Size

    45KB

  • MD5

    f119ed491c083dafcb8c513cae118bfe

  • SHA1

    c0d334c40b8b7257fafb7095ba4dd39d230c7a1c

  • SHA256

    b1b55368619b97aca939e2edd182d4114e42f8540fe2da5a9b49c82d59b312fd

  • SHA512

    d5b4c736789ecb9c251e93e9143f9f90a32a27a3e2a9f082927acad40aa5dc968fb2b63aa29eb9f313f9a1256f708c17dd2a3f65e928beeb5204feae0ee3d52b

  • SSDEEP

    768:yF8C9rTc/SCRqf4XX3jAJyQohVTxAUnOdSI1/SScyR81gDC0ZlwOF57ZHCpSon1O:9mfcESz4ojTG2MbNoQ81p07hnZHCI

  Score

  10^/10

  ponycredential_accessdiscoveryratspywarestealer

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2