Extracted

• • Target

    70eea27766f543b33d160a27c5d313e0_JaffaCakes118

  • Size

    125KB

  • MD5

    70eea27766f543b33d160a27c5d313e0

  • SHA1

    000e908224a05af0b34a6155aaaaff8b93239b34

  • SHA256

    4e91c8f0628a3abb1a06cd620f96ecd326d28f608debcc9dc8f9b9bd1d70ba62

  • SHA512

    935a44f72a6164dcc02c429cb29181730bbb8a26ebdbd1ada51b645f1d140232ed510ecdab2745298fa7b06bf25d863f97fedfe8ee0c4bcbbf197ff4bc466e30

  • SSDEEP

    3072:Ezhj1GD/hEhRHC+prj+AMYYfpyB9NKP4/GEwUm9U:Ez2b4c+JjBCyl0Eva

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealer

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2