Extracted

• • Target

    73339cacdb37937c47ea7668ac3a1017.exe

  • Size

    82KB

  • MD5

    73339cacdb37937c47ea7668ac3a1017

  • SHA1

    b32d273a752ad25173e26a110ae05acbabf3f15d

  • SHA256

    d0abb0bd329f13afadfb0bbf6730f2233488b8c6c6f5e593d61d91b20fe8b772

  • SHA512

    6629b294d431b49f7d3272dc0bcaa85eaa2a82f0f3eceea27ff071ff4b7048af2b0a70bed658ad22e53b6d70d239399f477d5a2122d84bb6e28435678eefd41d

  • SSDEEP

    1536:YSSH/BiqTiTQROZFdQ6sPr2F7oW6fQrNZL3cncOaEzSkzmeL:ZS5MvXdfsPr2F7pyQhDOaEzKeL

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealer

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2