Extracted

• • Target

    JaffaCakes118_7754eb3bfe65eba7ba70ebe89286edf0

  • Size

    675KB

  • MD5

    7754eb3bfe65eba7ba70ebe89286edf0

  • SHA1

    5123b9704b134368d3e04f5da98f735f2d8ffacd

  • SHA256

    3c9374f73fc1af415800743eb5f76a79a11a23846eb63777e01680abfc4d121c

  • SHA512

    8909a156e924e04ec5b781a31803d51463ff1fc277c12934d71f7870b6981acd6b66612ad003bc9e798e627a5b9edcba60de77b192ad37125ba75ced39d19df1

  • SSDEEP

    12288:0hkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aPiq1b13:MRmJkcoQricOIQxiZY1iaPlb13

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealerupx

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2