Extracted

• • Target

    e37a3fd4f448b3fdf65de103e556a710_JaffaCakes118

  • Size

    95KB

  • MD5

    e37a3fd4f448b3fdf65de103e556a710

  • SHA1

    ea59801d9ad65b67c74b538d560349fec036cf1b

  • SHA256

    3b6391110d74d2aede68728e6a4f5d879f514cd41ef0bb4c226c25fbf2446b3a

  • SHA512

    7b7211978482ecce8a91c17fc0d7ca89288388d8cb782552a110037e3afaaf436c7618cff03c90ef04d1b5b824beed8660e9e7b408aea0482af2ab2897f2d500

  • SSDEEP

    1536:SyWBeLyg/j1spIM1GENvEOIyJOmQQkQJ/HhVa3iiAPFrXHXpGGd:SyyeLyg/jG2M1GEhEOIpN6hw3UZ

  Score

  10^/10

  ponycollectioncredential_accessdefense_evasiondiscoveryratspywarestealerupx

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Hide Artifacts: Hidden Files and Directories

    defense_evasion

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2