General

  • Target

    JaffaCakes118_5f49d2bcf1621856d5021a5bd4d1dab0

  • Size

    206KB

  • Sample

    250101-wq3gnayqgj

  • MD5

    5f49d2bcf1621856d5021a5bd4d1dab0

  • SHA1

    1fd0f73903ba2aa05c240b6fd639c0549a5ccf27

  • SHA256

    c896265abc789bcb9d7ba5e24447f7d4ddc49e1e88e8f998309885fbfc5f4981

  • SHA512

    a66a88914e0c2e18556c809f295efea4728ff3e6ba8c259be27d8b3a4133fe983a74ae11119d2738d888b96ec0e3a945d0d252af01e9930795abf8c78afb1235

  • SSDEEP

    6144:DjhYOkUk+66TS/ZM07QnwTTnGLAIEPlR:JN++6+nwTTGk7lR

Malware Config

Extracted

Family

pony

C2

http://kalunta.esy.es/pony/gate.php

Attributes
  • payload_url

    http://kalunta.esy.es/pony/kalu.exe

Targets

    • Target

      JaffaCakes118_5f49d2bcf1621856d5021a5bd4d1dab0

    • Pony family

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
