General

  • Target

    d465d9c31130a4005b93d0d7ced5f4ad_JaffaCakes118

  • Size

    105KB

  • Sample

    241208-axhvyaxrdl

  • MD5

    d465d9c31130a4005b93d0d7ced5f4ad

  • SHA1

    6d573f70e3b32f31cbd9447f26dd9f3329783e87

  • SHA256

    084dfa51fe246c2842e33da0e3a45c943c25c1db031600a0e97c4820d3460533

  • SHA512

    46fe266ab9de33d63b16606caaf69ff078ade3661115e038b6b28e97568ec4054b145eeaf1d8116230b8484fadbe10f49a73a275e35d7c426182c7a97ca91bda

  • SSDEEP

    3072:HjJZI6mQluBcPSbJeEh86TJUDcjqvbTCIQ:dZ5meuBKoJi6VycCTC

Malware Config

Extracted

Family

pony

C2

http://trueyogateacherblog.com/resp.php

http://thesavvyplayer.com/images/view.php

Targets

    • Target

      d465d9c31130a4005b93d0d7ced5f4ad_JaffaCakes118

    • Pony family

      Tags: Pony, Fareit

      Pony (also known as Fareit) is an information-stealing trojan: it harvests saved credentials from browsers, FTP clients and other installed software and posts them to its HTTP gate (the C2 URLs above). It is a credential stealer, not a remote access tool.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing (refusing to run in certain locales).

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to read the configuration files of FTP clients such as FileZilla, which store saved server hostnames, usernames and passwords.

    • Reads user/profile data of web browsers

      Infostealers routinely target browser profile data, which includes saved logins, cookies and autofill entries.

    • Unsecured Credentials: Credentials In Files

      Steals credentials stored in unprotected files on disk (ATT&CK T1552.001).

    • Checks installed software on the system

      Enumerates the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to list the software present on the system, which tells the stealer which credential stores are worth harvesting.
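
The two C2 gates in the Malware Config section and the behaviour signatures above can be turned directly into hunt logic. The script below is an added example and not part of the sandbox report: it replays the extracted C2 URLs over constructed proxy log lines and the behaviour signatures over constructed procmon-style host events. The C2 URLs are the ones extracted by the sandbox; the registry and file locations used for the host signatures are assumptions of this example (the usual places those artefacts live), not paths recovered from the sample.

```python
import re
from urllib.parse import urlsplit

# C2 gates extracted by the sandbox (taken from this report)
C2_URLS = [
    "http://trueyogateacherblog.com/resp.php",
    "http://thesavvyplayer.com/images/view.php",
]


def _url_key(url):
    """Normalise a URL to (lower-case host, path) so that scheme, host
    casing and query strings do not defeat the match."""
    parts = urlsplit(url)
    if not parts.hostname:
        return None
    return (parts.hostname, parts.path or "/")


C2_KEYS = {_url_key(u) for u in C2_URLS}


def match_c2(proxy_lines):
    """Return the URLs in a proxy log that hit one of the extracted gates.
    Line format is constructed for this example:
    '<timestamp> <client-ip> <method> <url> <status>'."""
    hits = []
    for line in proxy_lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line: skip it rather than crash the hunt
        url = fields[3]
        if _url_key(url) in C2_KEYS:
            hits.append(url)
    return hits


# Host artefacts behind the report's behaviour signatures. Every path here is
# an assumption of this example (well-known locations), matched as a
# case-insensitive regex against the event's object field.
HOST_SIGNATURES = {
    "Checks computer location settings": [
        r"\\Control Panel\\International\\Geo\\Nation$",
    ],
    "Reads data files stored by FTP clients": [
        r"\\FileZilla\\(sitemanager|recentservers)\.xml$",
    ],
    "Reads user/profile data of web browsers": [
        r"\\Google\\Chrome\\User Data\\[^\\]+\\Login Data$",
        r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\logins\.json$",
    ],
    "Checks installed software on the system": [
        r"\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    ],
}


def fire_host_signatures(events):
    """events: iterable of dicts with 'pid' and 'object' keys (constructed
    procmon-style records). Returns {pid: {signature: [objects]}} for every
    process that triggers at least one signature."""
    hits = {}
    for ev in events:
        obj = ev.get("object", "")
        for name, patterns in HOST_SIGNATURES.items():
            if any(re.search(p, obj, re.IGNORECASE) for p in patterns):
                hits.setdefault(ev["pid"], {}).setdefault(name, []).append(obj)
    return hits


def suspicious_pids(events, min_signatures=2):
    """PIDs that trigger at least min_signatures distinct signatures. A lone
    Uninstall-key read is normal software behaviour; combined with reads of
    FTP or browser credential files it is the stealer pattern."""
    return sorted(pid for pid, sigs in fire_host_signatures(events).items()
                  if len(sigs) >= min_signatures)


# Constructed sample telemetry (not captured from the sandbox run)
SAMPLE_PROXY_LOG = [
    "2024-12-08T10:01:02Z 10.0.0.5 POST http://trueyogateacherblog.com/resp.php 200",
    "2024-12-08T10:01:03Z 10.0.0.5 GET http://www.example.com/index.html 200",
    "2024-12-08T10:01:09Z 10.0.0.5 POST http://THESAVVYPLAYER.com/images/view.php?x=1 200",
]
SAMPLE_HOST_EVENTS = [
    {"pid": 1337, "op": "RegQueryValue", "object": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 1337, "op": "RegEnumKey", "object": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 1337, "op": "ReadFile", "object": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 1337, "op": "ReadFile", "object": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4242, "op": "ReadFile", "object": r"C:\Users\victim\Documents\notes.txt"},
]

if __name__ == "__main__":
    print("C2 hits:", match_c2(SAMPLE_PROXY_LOG))
    for pid, sigs in fire_host_signatures(SAMPLE_HOST_EVENTS).items():
        print(pid, sorted(sigs))
    print("suspicious:", suspicious_pids(SAMPLE_HOST_EVENTS))
```

Matching on (host, path) rather than the literal string is deliberate: the gate is often contacted with varying casing or trailing query parameters, and the stealer's check-in is an HTTP POST, so the method column is worth keeping in the log format even though the matcher ignores it.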

MITRE ATT&CK Enterprise v15

Tasks