Extracted

• • Target

    039bab015d89155d767947d753514c30_JaffaCakes118

  • Size

    136KB

  • MD5

    039bab015d89155d767947d753514c30

  • SHA1

    63d7c733f3ff8cd19e2ffbac9726a8eaa7e4f7ae

  • SHA256

    0d11b54d17f0c096221ae77ab391c8d8d5943efcf2b4f0eeb184e067c77e4be7

  • SHA512

    d394d23463c32211c44bbf4c9c2b5418a36157300c1de5448b4ec25576050a4871f33c296fbdd8240f03c1ffcb0d8faa1309da244d0e99c4a075d920d571ec69

  • SSDEEP

    3072:5yhcyfvIZwygauba/gzYiIq4Kl8xmhGUD1yiU2TMsoa:5pugZwygauba/f24NxmIrh2Ia

  Score

  10^/10

  ponycollectioncredential_accessdefense_evasiondiscoveryratspywarestealerupx

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Hide Artifacts: Hidden Files and Directories

    defense_evasion

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2