Extracted

• • Target

    JaffaCakes118_078a960db913167b4e5d8df15b328eb4

  • Size

    44KB

  • MD5

    078a960db913167b4e5d8df15b328eb4

  • SHA1

    591690d8ab8717ddb0569fbb85fae01c294fd497

  • SHA256

    67c0d00d8e40f5df31fd27f2b83cd843e294268ea738adb2891e33394281f76b

  • SHA512

    3f72a2ba4872f6c6c0e8bb4df83305fb9d23580abf37fcb691afd4ecbc7cae8dbf42f0636a4daa34c2d3866d95ee7045aad2df51842dab421ee1f2c4e3e2dc1f

  • SSDEEP

    768:f+4tKIHgPp59CuqLZvdTMlUAnNMAOQW9mdivJGgsebVp5jP7XPG:f7PHSp5XqdvFMKANqR9mfgsknj7X+

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealerupx

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2