Extracted

• • Target

    payment.exe

  • Size

    620KB

  • MD5

    3b2b3d6095585b2f31674d484d6d34ff

  • SHA1

    393fbd4ba2bc44d647c588c868fd4662dcb7a54d

  • SHA256

    a8ba3f889b509af56ac982f9410bd94a00e26cdef549586728f63fab88fbf0c5

  • SHA512

    a0973df1add80c52e935292ddb86b76f49a24c3a777d1f1618e2e3b4eaffcb214dcd07d1ec644001bc0700d16a1a75c43aa24b9e71613589ed89e202643eee00

  • SSDEEP

    6144:3UEjebs98Z4NBBGDWMKvS8JnWJ1t8N6/G26/Ai9pRwK4kzEqPKu:kPQ6QvS8JWvtK6O2Q79nzEe

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealerupx

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2