Extracted

• • Target

    JaffaCakes118_68d90550b28a6f264d6b3d223c256760

  • Size

    235KB

  • MD5

    68d90550b28a6f264d6b3d223c256760

  • SHA1

    e028dfeb47fc6e7f0724a2b4237ea467c0dfb898

  • SHA256

    2b639fff42e750e637c56a128b7b18b6a08d07ed31c5fbe11b230209c1dbf0be

  • SHA512

    2a23280e3f85722c03426256f56168608dfc48c70f8b167f92aa2d2abc3c68cb5d415ce1dacdcde0c9fe6513ec160688fbef45ef4a64cff424713980a8e92ee3

  • SSDEEP

    3072:347p4whXYbnThZE9xdWPfVuSYeHHvWM/7ZchA8nWG2OA8nWG2ZN6P2lfnbn0XpC0:kp4mynY90f/HHvY8Si

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealerupx

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2