Extracted

• • Target

    a8e527b9195def063fafe79447c58be606d10e37d51a90fc568c34ae1c327993N.exe

  • Size

    84KB

  • MD5

    7974da3be9e0659aad689e0e26ec6480

  • SHA1

    e9075a9cd271a103585632fde8d7b104a4727abd

  • SHA256

    a8e527b9195def063fafe79447c58be606d10e37d51a90fc568c34ae1c327993

  • SHA512

    c3c81abd8b9396b9155b5741e21489ce1072069e1fd2e54fb6b8d0cefd9a9a5c1dd800731e35afd0a4c4a78623db92c06289ad26c42cd489625e87709158f5c7

  • SSDEEP

    1536:ZfyL1OhHiiInxAsagL4Rm0+zTBKMu2MntT/XFd0AEDyEPiM0V4mT:ZaL1OViiYADC4k0OBCntDV2F0V4I

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealerupx

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2