General

  • Target

    4a6864adbea3126c81b50212c1794138_JaffaCakes118

  • Size

    81KB

  • Sample

    241015-21jees1gqa

  • MD5

    4a6864adbea3126c81b50212c1794138

  • SHA1

    84adf247a1889bcd105437b9d2974f99851268c9

  • SHA256

    cfc22613872df48a143b51da2dfac57808225c1b18ad4172a3b5d02683ffec90

  • SHA512

    4bc99fc32fba32ecfad7d7277e21b930f5678ed6bde7891a10d1f2fa0f9273584b78a2102ecda73e0d36a47391297382664c58e8c75a2f31fb8d5d37da976f95

  • SSDEEP

    1536:sN/efOdKwYWakcl2KDXVPvhUOWbfAE8U:4/DKwYWEHhx4p8

Malware Config

Extracted

Family

pony

C2


Targets


    • Pony, Fareit

      Pony is a Remote Access Trojan that steals information.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified variant of it.
