Extracted

• • Target

    10639104e02c0d8c82f9be2f41dc8154_JaffaCakes118

  • Size

    102KB

  • MD5

    10639104e02c0d8c82f9be2f41dc8154

  • SHA1

    31338654b57d89a544bf6ecb4f25d2d600c876a8

  • SHA256

    19553c3601731dcfe6d89772afef78832adf513815681ebb0ffffcac4d3eb7de

  • SHA512

    48a863d14d831c5ba5b4e940470924dae4cab3a5c0ca7e9f6e08d699b68d0b4a38be1fd16c469dc6aba7a203f1304eebae421ee94f240f65391b10e65a0d40cc

  • SSDEEP

    3072:ouw8zkafSHky9gIQhIptjrn01QTTe/h4:oCz7SHky9TdzAQ6m

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealer

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2