Extracted

• • Target

    f34a7b2e5d00087091ae124446dffcc5_JaffaCakes118

  • Size

    67KB

  • MD5

    f34a7b2e5d00087091ae124446dffcc5

  • SHA1

    adcdb65f8e7eaeacb69feff55486c11129f68d2d

  • SHA256

    4e76286ba163db436ad62a7e56f00a1fd5d7db8dd293389b5263b2edb41a9cff

  • SHA512

    8cc1022b26634f5f2b5571dcc6e590d86b3f63e5bd8722ac1eff92ef56132ec2dedc8d78f9a2b484a088d66781a78632ab518c3f42f7f62d8f9382a464abd2e5

  • SSDEEP

    1536:5Cs9dDV/RFhEcTg2X7r5/59i5JotAmQQwY:n7ecBXBe0tHQQwY

  Score

  10^/10

  ponycollectioncredential_accessdefense_evasiondiscoveryratspywarestealerupx

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Hide Artifacts: Hidden Files and Directories

    defense_evasion

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2