Extracted

• • Target

    0c51b26628cc951116203f9bddc6a9f0_JaffaCakes118

  • Size

    101KB

  • MD5

    0c51b26628cc951116203f9bddc6a9f0

  • SHA1

    9bd1091f83cfa1c4dba92fedbdc0536801959ef3

  • SHA256

    801b8ffaeffd7d83308037771c2a61d2f13527238b983c64dd5aed2ba453222c

  • SHA512

    cad5dc5e6e8a7a153ee8fad76ec10c5d3425a53773f1874f73d18ab4af7576b9ac378976d821bebe0bb002aa943a60f991fdbab16b3756817f4cb93c81f03112

  • SSDEEP

    1536:J+GSvSL3+FiN8xcMEfKW5Irdg3E0tP//loDN0qH3WEJc5e/YXbU:JjSvSL3+83bfKEIOU0tfaNTlJKe/YXQ

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealer

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2