Extracted

• • Target

    JaffaCakes118_414cb717a4cd9fc4b0e2b31638ecc274

  • Size

    133KB

  • MD5

    414cb717a4cd9fc4b0e2b31638ecc274

  • SHA1

    641a95f3b20e3ce2e1e201af1517a4b18b4d3f8a

  • SHA256

    02a49c7d74b80caf9cdc07c29379c6b87eb7a38cc6a91ea4134b05ae79cd4cee

  • SHA512

    b952ab5decbccf0563329557bd3e6693e9055759e0faf4118a6f212e10f7fd010152945baf4af66d6f3683c833291596b67ea538461c521170c72a3436b8cd18

  • SSDEEP

    3072:WH/8vZncsVLNsaGTK5YCuX3Tn6yPppppZppppppppppQppppppppZppppppppppL:DZnBhstK5PuHTnJPppppZppppppppppQ

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealer

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2