Extracted

• • Target

    887680e7bd7b4bd05ffe046a31717198_JaffaCakes118

  • Size

    66KB

  • MD5

    887680e7bd7b4bd05ffe046a31717198

  • SHA1

    90a6cc6a3741085c0ee763ab7959717e3a381d26

  • SHA256

    82e3fbb73e16e1257ce7e1dc58b37536e3acd21d24793222b3cc7637683a6e58

  • SHA512

    e9ca19881ba509908a51e98d7d5df9cc7860a1e716c25f107c7b473b3f5cddccea87c4fb271968367cb54726e807636e2739d5ffdfbb02990caeeb9d41225f2c

  • SSDEEP

    768:LIJZ3K8301QQjdIBiaBac0fqdGL4LoOXP/UFGnxl1+s+qDNxjCsP80NFSf498AwP:Ia8k3IBiaB613ObksFDNJ5Su8N

  Score

  10^/10

  ponycollectioncredential_accessdefense_evasiondiscoveryratspywarestealerupx

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Drops file in Drivers directory

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Hide Artifacts: Hidden Files and Directories

    defense_evasion

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2