Extracted

• • Target

    8c2dcfd1391a60ef95d575fc8d685bc0_JaffaCakes118

  • Size

    98KB

  • MD5

    8c2dcfd1391a60ef95d575fc8d685bc0

  • SHA1

    e4f40e02ff49d8a238175f2412792fcc12455b64

  • SHA256

    e92e54eebc5fdbdd688435f93d5ff6d625bc33765f374ad402a834ca06ac4c28

  • SHA512

    3a9a808c1545e300a5228c696702dcab0583053759f8ce21a5949d2f36a417a48bd2f711e89e7f04ddf5a3617f017fdf147a3af9aaffa0b11a39c806d7ea5758

  • SSDEEP

    3072:4tEMHbQzvOTRhbe/wqNEcdlEiouJ8ElUL2I8fEn2OJ:4HbqO9de/rNEcd3ofElUT2O

  Score

  10^/10

  ponycollectioncredential_accessdefense_evasiondiscoveryratspywarestealer

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Hide Artifacts: Hidden Files and Directories

    defense_evasion
  behavioral1behavioral2