Extracted

• • Target

    aa286207694b893c555fc0593f7656b2b746d960498fd80146c7e70051e5809dN

  • Size

    237KB

  • MD5

    033f28b099638525b08d4fbfdc2870b0

  • SHA1

    38b3683c5368985c2215d5b04ff06e3336f1d03d

  • SHA256

    aa286207694b893c555fc0593f7656b2b746d960498fd80146c7e70051e5809d

  • SHA512

    e63253281b8d246a0c92638ec6041d77e93e1a537a958306e71a112963c32f2d7202e174b043e3724e97c80810d59c59fb0b0a9225bfe4adb66c8a40e1468a3e

  • SSDEEP

    6144:TD/sba2bVaO9ZCyWs/2IxpWamvxlPSCj:TDEePTybVxhmvxlPS

  Score

  10^/10

  ponycollectioncredential_accessdiscoverypersistenceratspywarestealer

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2