Extracted

• • Target

    b974bec2f4c4ae68cfe1a6c1aa5e6380_JaffaCakes118

  • Size

    97KB

  • MD5

    b974bec2f4c4ae68cfe1a6c1aa5e6380

  • SHA1

    5455f14fdc5d36b019e95200e2f40af906004e0e

  • SHA256

    7f9b443566988f56e71822c26e5faf9aa6f16fec8bb02ddf8bb813d55ca9e052

  • SHA512

    d4e743fef4198808c2ce27a5e73f4f36a5b8ca0bbd9c56889d6c7a6e931443c00d9ad7b73d09552b3a22b94f76b9ec5882ce99889a1f388cba1b30ada7e4f1db

  • SSDEEP

    1536:64mQaw69uWYuM0PXxe4/ZdX0P4AC7k0SoaeWQZUNkPww+Me3wMWx+Sii:6fYhIxe4/ZdX0PB6VnaIWNpbwcS

  Score

  10^/10

  ponycollectioncredential_accessdefense_evasiondiscoveryratspywarestealer

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Hide Artifacts: Hidden Files and Directories

    defense_evasion
  behavioral1behavioral2