Extracted

• • Target

    JaffaCakes118_981ee07a0216169dbcdc7cef1b6ea16f

  • Size

    93KB

  • MD5

    981ee07a0216169dbcdc7cef1b6ea16f

  • SHA1

    28fb04d31cb7bd68878338bef73034aad85c2e69

  • SHA256

    3a55fb65171b951ca2be599cf18b07064fe5f3e240563bde6d1d1e39bfc3e8bc

  • SHA512

    ae662287f5371069d5ce2a46fd27d7e80d869c0c3e5a92bd0992fcc9961717b96070a4889550adf7dbf69d150f6f09d4fd5fd13872b729fb999c31d134f32bd0

  • SSDEEP

    1536:N8MqzS35EOZdnwYsafX+c5Lcjc125u/VEbbl3h6UL+EYzzwULRRPKdN:N50S35xwuv+c5Lbbm5dLGzl/KdN

  Score

  10^/10

  ponycollectioncredential_accessdiscoveryratspywarestealerupx

  • Pony family

    pony

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

    ratspywarestealerpony

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2