Extracted

• • Target

    c94c2ff9b5d0bb9d144c3a6625d9062c_JaffaCakes118

  • Size

    100KB

  • MD5

    c94c2ff9b5d0bb9d144c3a6625d9062c

  • SHA1

    34ce134ed5c2634535e722d7eb4fd4197b19220f

  • SHA256

    ef9da77c58fef5b0e5856f61e8bbc61a2258dd727f0ae323d3a400606253ce3e

  • SHA512

    47bca2195b2c575e2933a1713031614312d88c27a48250a54b4857c0b1f0b5ebe5a86b1b605ad4ca6e0be107de79cee7d3d42f65dce03b7bfa1f583c0cfc3ce5

  • SSDEEP

    3072:WC4hcvDwc3TndJFGjaTTG3SiSX6ACAck:N4ho337dJFM+a3OvCAc

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealer

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2