Extracted

• • Target

    JaffaCakes118_6bdfa87c4579b7ae4ccb86840704b580

  • Size

    114KB

  • MD5

    6bdfa87c4579b7ae4ccb86840704b580

  • SHA1

    37eb7c74c0084499b65af5ae852f4167857e5cff

  • SHA256

    3f10fde35c32ed84c63bbaa1a10d06ed96ff2dba9778f61f0f1ec92f9aab9dea

  • SHA512

    e93642a7700ca822f1edf967e7fb4662b6d3ed7752c9fd32b8f4b4ea91fc13fb676b587e5b735a5a4a351ca105ef15935199cc3f79f3b4c128c5d77925346264

  • SSDEEP

    3072:a+um3OQS+SvIfM0TEgR+bQR5pwXTjnIwgL7MZ:dum+Q20TEgYC5pwXIwUM

  Score

  10^/10

  ponycollectioncredential_accessdefense_evasiondiscoveryratspywarestealerupx

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Hide Artifacts: Hidden Files and Directories

    defense_evasion

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2