Extracted

• • Target

    fd50638f7ad2f29ee0ca1ea6f4095c4a_JaffaCakes118

  • Size

    156KB

  • MD5

    fd50638f7ad2f29ee0ca1ea6f4095c4a

  • SHA1

    aa5b387b9f6326cd1a23bd0495e86115732d922d

  • SHA256

    5b96eb35c64411c44bf6276b6f136814b635f016fa99f2b929da498e313a0689

  • SHA512

    93d3e34f85c0a792dd34ebcf848bbdba65ece2ee89b3369e1c2d2535ce4a09a8000e82e168056d894140ee067e665219c83973faedac6da1e2e7a0c5b2221dbe

  • SSDEEP

    3072:wgZSh3pjMxPRUj+Taqerx92dXP7rf94QX3KHc:FZSx++q69EXvfyQXaH

  Score

  10^/10

  ponycredential_accessdiscoveryratspywarestealer

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2