Extracted

• • Target

    JaffaCakes118_6c4e379986905422a989ff02ff7948d0

  • Size

    97KB

  • MD5

    6c4e379986905422a989ff02ff7948d0

  • SHA1

    c88905621a9c96c0d6c921510bb086d87ce78579

  • SHA256

    f7d56e44e7476babec05db296b63ae50d0a630d2e9ac1e0a836d56ca7fd90d64

  • SHA512

    6b0711a047b629cb30aac6088a8af67f7d13c9697bbb503adcedd870ac720cd9f41b890b8d9a0740581c78c0c6e7332e5c1bd15c1fecf82768ab34c1c3e8a2a7

  • SSDEEP

    1536:O120jMMnAx5Hn/EHL8/vl2kgx+kscyuxRJXkMNV+nLwCoRwUfZGa:kMOYMgXl2kgx+74/VIwjyUf5

  Score

  10^/10

  ponycollectioncredential_accessdefense_evasiondiscoveryratspywarestealerupx

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Hide Artifacts: Hidden Files and Directories

    defense_evasion

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2