General

  • Target

    JaffaCakes118_2b742b205aab3356be121ee522b952d7

  • Size

    105KB

  • Sample

    250125-n8hafatkhn

  • MD5

    2b742b205aab3356be121ee522b952d7

  • SHA1

    aed5e048fff581c352c41e1d2b902340291e4f14

  • SHA256

    7d5b2c791d49a558a8badcba523021bd6787ef2467f42fa46ad655baee49f957

  • SHA512

    f1834ad8cc16d2dd2f28700494ee7ae15070b195e8843153ceb0fcad8ff06fdffdb8a2983d8fc0ca16b84a4f680ede37b53190eaa158d583bb589687f1ab1bac

  • SSDEEP

    3072:xjJZI6mQluBcPSbJeEh86TJUDcjqvbTCIQ:/Z5meuBKoJi6VycCTC

Malware Config

Extracted

Family

pony

C2

http://trueyogateacherblog.com/resp.php

http://thesavvyplayer.com/images/view.php

Targets


    • Pony family

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks