Extracted

• • Target

    dd9c937a7517f585cd30cbc9a1f71353_JaffaCakes118

  • Size

    148KB

  • MD5

    dd9c937a7517f585cd30cbc9a1f71353

  • SHA1

    af791e866175d5296e9c279d5017e61e04875127

  • SHA256

    9e7ab14320c8a3294183cc1ea9f4b509fe720c288df38f46ad6df347b301d54a

  • SHA512

    8886dafb20c8e506b27170b84bb55056d23fc2440e1b4b4fa6b4d716a02b0848b3264a8352243b1632f0c04aee529271ee596d074a84b1000fdf9046ef756c4e

  • SSDEEP

    3072:kk3DFYffefdlkuHK9b/n+AnF2GWI8mb+y8s3iS:kcDgsnlql/+gWi8v

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealer

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2