Extracted

• • Target

    16f791b926064936d96c31aa34d9d888_JaffaCakes118

  • Size

    101KB

  • MD5

    16f791b926064936d96c31aa34d9d888

  • SHA1

    b9670993e7dbf5cdf89e4afe547313f33db5fb30

  • SHA256

    91a8577763e44721affbdfbeae792f2b714d023bc0091019c5a596104bac0ec8

  • SHA512

    647483b194592e5c66800b142c1fda2dc2fbef83da765dd39582bb2849f75d3c18a4bcb0c995d8358d0858899cf8ad7dfb22e8a6ffc55a51efb7fb3b7a03896b

  • SSDEEP

    3072:VYLrB9uQMopnTHpzW+w65l6MjrpB6EGx:CB9SoNTHp3w+ljjrpZG

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealer

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2