Extracted

• • Target

    d54585548c8b2cd8dcf3465294534adc_JaffaCakes118

  • Size

    100KB

  • MD5

    d54585548c8b2cd8dcf3465294534adc

  • SHA1

    ba4965f86e3040470299ee5f2bc257127a9c2765

  • SHA256

    365711f063135c7fd1f329c24bf5d90a3c16b362792c2b259053206524eee02a

  • SHA512

    850b421c3d2f9755a103aadcfb1cf047bf47a7ca711c979075d6bedecff00a44ba3eea3545a90b11b8d9f92d153a1e5f4a1c00d507c2a6c6d8f7836f79d964f0

  • SSDEEP

    3072:81Zkla/92mcczpFs+mZioUz/DgB3zVluJ/fDpIkGM/n:+Slxc9dmEok0B3hluJ/VIin

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealer

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2