Extracted

• • Target

    25749a534879f530f35f5c46415695cc8339ae8b2b6ed38f722e67e8d946051aN.exe

  • Size

    98KB

  • MD5

    9524706d11a0d0221ff6a5883a08bf10

  • SHA1

    f80c11da234f43f04e80604f01e7e9867e401c1c

  • SHA256

    25749a534879f530f35f5c46415695cc8339ae8b2b6ed38f722e67e8d946051a

  • SHA512

    805c428b32a3d4fe76481790ce76fb1276d9ce74735d27c1f9651d983aa330ca10e4b5779501541da7318445ef0f6effac9b8b1a94154dfb0308d2d893c74570

  • SSDEEP

    1536:gqAd5Kb70H+wPcbHS4pNGLsmYTQs/0SoOejxZUdAP7w+MeHEsMW9+/iC999e0T:3we494YYnQ/nOcWdwbkE4/V

  Score

  10^/10

  ponycollectioncredential_accessdefense_evasiondiscoveryratspywarestealer

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Hide Artifacts: Hidden Files and Directories

    defense_evasion
  behavioral1behavioral2