Extracted

• • Target

    b6cc2bb6cf2f0ce8dd6f45de0515bc90_JaffaCakes118

  • Size

    94KB

  • MD5

    b6cc2bb6cf2f0ce8dd6f45de0515bc90

  • SHA1

    f56dbc0ec568a78ce3daef2117337ef4632b6120

  • SHA256

    26827c1bd3c5933dfed1b971fe932907cd1914cd0df8e4c06c3f8753aab72c6c

  • SHA512

    a5ce33bfad32cd9e6c6656a9a4b51fc5fcbc656ec8885a24a1cc010a02e0b34d3f5ac58bf249cadcdc0d81fce644d54cc0c8f30811ac2875770dbe706c004a2f

  • SSDEEP

    1536:fQNHMsjm7SQCNH1an5f6wsMvgvC4ruQqZNrzLfn3faEWkXH7l6uS2x:4NHI7STH1an5f6wXvg64rJYN7fCV456j

  Score

  10^/10

  ponycollectioncredential_accessdefense_evasiondiscoveryratspywarestealerupx

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Hide Artifacts: Hidden Files and Directories

    defense_evasion

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2