Extracted

• • Target

    JaffaCakes118_6bd604a591a4dcfb0e43cb579adc46e0

  • Size

    315KB

  • MD5

    6bd604a591a4dcfb0e43cb579adc46e0

  • SHA1

    20083a511c5815f057ceb2e8913efc849ecbe9e2

  • SHA256

    632840cf01b498dd35c36fc18b4607108b74adf79d96c1170def8507d77cb0c4

  • SHA512

    4a429e9bc6510a8dd379370eecc4cff5279651fb91978c8dd3877aa1e8815d9ab925ea640d39550d6b8cae55a8cdb39ce4c4f05e2c418e53287a5886a48c1ab7

  • SSDEEP

    3072:YHrKNj96jmxuE/T/0hysyBqtAE/rxiU5d:YQj9qXE/XsmmAE/lP

  Score

  10^/10

  discoveryupxponycollectioncredential_accessratspywarestealer

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2