Extracted

• • Target

    JaffaCakes118_001fe996c420617c66d5493a08d62f05

  • Size

    70KB

  • MD5

    001fe996c420617c66d5493a08d62f05

  • SHA1

    5cb96806c813893cd556f68d709c62f0ac8e3941

  • SHA256

    2f9bf915d365578bf8139361f62fee2870b3502bc8a7687d572ab9fb3f9042d6

  • SHA512

    3d3c18c37b2e871c87fed8edb5bc89ee3a2e299eefc2d3fe5828a590d89f53b3a508eef7474de130407b80d1a657c6a2bc6f118de89c2a631216a177a07f705b

  • SSDEEP

    1536:jTpD5IhHN5e9l+1VuBy43XkYcxvjWc7duA8jK9Gs:ZNIhH7m2Ys4HkT5yrA8jK9Gs

  Score

  10^/10

  ponycredential_accessdiscoveryratspywarestealer

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  behavioral1behavioral2