Extracted

• • Target

    JaffaCakes118_64ad903ec3f1acc8618e69af3c3f089d

  • Size

    117KB

  • MD5

    64ad903ec3f1acc8618e69af3c3f089d

  • SHA1

    907af524c384031a453431dd1f3985e43528ef94

  • SHA256

    a2dec0dea0894dbc9f18f8c314e259495a68e7950928dc34649dadfea64e11dd

  • SHA512

    174dc6bbafcdef944bf8c68c84ee760fcf947d1e82c07b403e370d53396b4bb199ae1bc3654b5470edd9e6729d25fc0eccf5c850fbeeedec0aab2234574b02fa

  • SSDEEP

    1536:CCH3onsBL9/9H19CK/0Y5C4Us4vPy+LDZ7+0+wQPMh5bIKdx/sDAHXsb/0:C1sR9FHDlLQPy+PLhdndxYAHK/0

  Score

  10^/10

  ponycredential_accessdiscoveryratspywarestealerupx

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2