Extracted

• • Target

    167dd56fb26aa5466c3485366fab51f5_JaffaCakes118

  • Size

    75KB

  • MD5

    167dd56fb26aa5466c3485366fab51f5

  • SHA1

    b2bb25c81edb843c3df8e4863ee3127328f9bc7c

  • SHA256

    db9c544407cf5ed329562e3c0830f18c6e0f1f716942970e114c4947d48b484e

  • SHA512

    642bd14bf22330882a9897dd727d6641e69b9bf0dd14428daf6794df91e32639b5fc9a953311fee494242ec6f77b6694b81f1d94bc4bdddc29a37921dd3ca325

  • SSDEEP

    1536:dHxzqIfhbp1pD7bhg3EhzASQDQdie3xZaDc3wU6spUDoPqBYRpNg1JhcQAz1jr+W:phg0hzASQDQjBoDcHUDIq4ng1JhwBjh

  Score

  10^/10

  ponycredential_accessdefense_evasiondiscoverypersistenceratspywarestealerupx

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Hide Artifacts: Hidden Files and Directories

    defense_evasion

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2