Extracted

• • Target

    e7e206a2d7a67a28a07c18851cbdccf4_JaffaCakes118

  • Size

    99KB

  • MD5

    e7e206a2d7a67a28a07c18851cbdccf4

  • SHA1

    f75a879f90e4f9e1cb47d2a256778e1fd9962ada

  • SHA256

    cec5acbfec993a4c80ade784a65752f75ad475de5fbae2a9416680037483f9c2

  • SHA512

    7835acd216a76a935e09bd94dd253ede3a19e59ee733dd8339db9ab8dc295127272b05ff0c9f4cbf1125b0f5cd4b89edf5515868b741bc5367a356a59036a0e4

  • SSDEEP

    1536:XiB9D+dVe6s6vXK8yUcc6l1On6wtOyWemEXqWulo+d0qpUI25Qr8cMuRMGB:Xa48EXK8yUzGEX7XFwsI25Qr8cMuOG

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealer

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2