Extracted

• • Target

    57d6faa15979db71f55f9f5423a6a912_JaffaCakes118

  • Size

    84KB

  • MD5

    57d6faa15979db71f55f9f5423a6a912

  • SHA1

    e045f7b6286416f6ef52357271bda515465aa917

  • SHA256

    dc3f362e880aabf4f18ef3a5bbb93ca25217a2abffacf46e92e3cfdaf6f51ecc

  • SHA512

    37f6d3c3a97d24b9d2c8e843715a6bafdf91dfe0cc6f248f717f8bbe4573e13ab7324632171d5325b2b9e2974357d54a14c027f1f945cd85f0c423c5fa32c233

  • SSDEEP

    1536:EurTR4UUbBBHFZXPZbGEemFFGkBZyeXHu7/FJeZhmgyaOtWQNhSJr+zHWf0:JeUUVPbGEBFFRjHHsc3GaOIgS58

  Score

  10^/10

  ponycredential_accessdefense_evasiondiscoverypersistenceratspywarestealerupx

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Hide Artifacts: Hidden Files and Directories

    defense_evasion

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2