Extracted

• • Target

    JaffaCakes118_7cfa2de35cde3ffac713b73f31525d90

  • Size

    70KB

  • MD5

    7cfa2de35cde3ffac713b73f31525d90

  • SHA1

    76ce1a5a3149deee9c8591b017eeeff37ae32698

  • SHA256

    aadc064c1d5de9341b5befd9d9604f2ae33843df1b9a6865f2a7b7b26b9f3c6e

  • SHA512

    32fc8e8e7b595aef38ea9e63917f44b7680699f18e144fda94e586faf1692a3fdaae8d60a0757ceb7a316e6a561979a99c1d2c004a3cc953052c2946a224b722

  • SSDEEP

    1536:nd/ZY7FO7VTszYjw60LeRQQw7A6W0NfLYgShEfb1f9+Ec:AFO7VwUc60CRK1Ohm

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealerupx

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2