Extracted

• • Target

    c0e3a2bb18e21186b011e561f4eba898_JaffaCakes118

  • Size

    100KB

  • MD5

    c0e3a2bb18e21186b011e561f4eba898

  • SHA1

    46dd08ae41647f9c3aff2cd89f90dbeeb19b729e

  • SHA256

    c26c75d4d67d1b703da1dd17a24070a1acc243fedca14499a280a244156a7a13

  • SHA512

    bdc20488119a8553d5f8b27cbc7440aaace7f721f8fff98c0cd7e62d170e8d1b3636e156a461955c23bdef8acbb22313382c0fa7a921a419b920c698924a3176

  • SSDEEP

    1536:z6Pwdgp6ddqJLUVJpUtcyuwbz8O/NS6yOAebj2pREGp+q5GEMmC88vHTqXBjv:+Pw2KYhypeuwb3NSVemsO1XC88/WBj

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealer

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2