Extracted

• • Target

    a4dc8e033c8669cec5fb98ff7480c3c0_JaffaCakes118

  • Size

    91KB

  • MD5

    a4dc8e033c8669cec5fb98ff7480c3c0

  • SHA1

    da27f465e7abad875978783c34b126cb3f0e4844

  • SHA256

    c56a63b251c410fd9b46e96f76c2f7e2ec1648f4488f42b1c8d533b8c9d9703d

  • SHA512

    737ff21a77d8eed443caa441b59c627c2749c629e73e1882c2608cd592019ee77f04cc0c5270322ad9e57b2d9dd9d567791b2946b65b5be723b2a9f8d5159c87

  • SSDEEP

    1536:xnTJWl8q6i46bo5Kj2WceuxrK+Zo6tnV701zqBtYP8q62CjoWeI4x6n0YBC:xQ2iLvjuKJ6F64BtOmZte/Eg

  Score

  10^/10

  ponycollectioncredential_accessdefense_evasiondiscoveryratspywarestealerupx

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Hide Artifacts: Hidden Files and Directories

    defense_evasion

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2