General

  • Target

    JaffaCakes118_8d71bf5a890eae1da41fe1fd6a0784cf

  • Size

    81KB

  • Sample

    250329-v2dr1awwds

  • MD5

    8d71bf5a890eae1da41fe1fd6a0784cf

  • SHA1

    ece8178990157bda6bfa60e82112160119b62e5b

  • SHA256

    ae1e50de9919c108cc981c5a93726f8010f10143034f67fe26cbe2b176a04ea4

  • SHA512

    e48f776dba247cacee0b44b991430f55b89341a89a7508e0a3d3211759c0bf1e27fd59760b6af3c81fbf436dc72f57c2718a2b5fd502339c2cf7a24cf10a52ef

  • SSDEEP

    1536:F26DT3BN2bGbA/kz5lzzLonj9914fo/b9tCAb+Vyl:koT3v2P05ML14Mwyl

Malware Config

Extracted

Family

pony

C2

http://silkplast.info:2346/pony/mac.php

http://vchatlydx.info:2346/pony/mac.php
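
The two C2 URLs above are the most actionable indicators on this page. The following added example (not part of the original report) turns them into host/port/path indicators and scans proxy log lines for beacons; the one-line-per-request log format and the sample log lines are constructed assumptions, so adapt the parser to your own proxy's format.

```python
"""Network IOC matching for the Pony C2 URLs listed in this report.

Added example, not part of the original report. The log format is an
assumption: one request per line, '<timestamp> <src_ip> <method> <url>'.
"""
from urllib.parse import urlsplit

# C2 URLs exactly as extracted in the report's Malware Config section.
C2_URLS = [
    "http://silkplast.info:2346/pony/mac.php",
    "http://vchatlydx.info:2346/pony/mac.php",
]


def _host_port(url):
    """Normalise a URL to (lowercase host, effective port)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return host, port, parts.path


def c2_indicators(urls):
    """Return {(host, port): {paths}} for the listed C2 URLs."""
    iocs = {}
    for u in urls:
        host, port, path = _host_port(u)
        iocs.setdefault((host, port), set()).add(path)
    return iocs


def classify_request(url, iocs):
    """Verdict for one request URL:
    'exact'  - host, port and gate path all match a listed C2
    'path'   - host and port match but the gate path differs
    'domain' - only the domain matches (different port)
    None     - no overlap with the indicators
    """
    host, port, path = _host_port(url)
    if (host, port) in iocs:
        return "exact" if path in iocs[(host, port)] else "path"
    if any(h == host for h, _ in iocs):
        return "domain"
    return None


def scan_proxy_log(lines, iocs):
    """Return [(src_ip, url, verdict)] for every request touching a C2."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, skip rather than crash the scan
        src, url = fields[1], fields[3]
        verdict = classify_request(url, iocs)
        if verdict:
            hits.append((src, url, verdict))
    return hits


# Constructed sample log lines (not real traffic from the sample).
SAMPLE_LOG = [
    "2025-03-29T10:01:02Z 10.0.0.15 GET http://example.com/index.html",
    "2025-03-29T10:01:07Z 10.0.0.15 POST http://silkplast.info:2346/pony/mac.php",
    "2025-03-29T10:01:09Z 10.0.0.22 POST http://VCHATLYDX.info:2346/pony/gate.php",
    "2025-03-29T10:01:12Z 10.0.0.22 GET http://silkplast.info/pony/mac.php",
]

if __name__ == "__main__":
    for src, url, verdict in scan_proxy_log(SAMPLE_LOG, c2_indicators(C2_URLS)):
        print(f"{verdict:6} {src} -> {url}")
```

The three verdict levels matter in practice: Pony operators rotate the gate path and port more often than the domain, so a host-only or domain-only hit on a non-standard port like 2346 is still worth triage even when the exact URL has changed.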

Targets

    • Target

      JaffaCakes118_8d71bf5a890eae1da41fe1fd6a0784cf

    • Pony family

    • Pony, Fareit

      Pony (also tracked as Fareit) is a credential-stealing trojan rather than a remote-access tool: it harvests saved passwords from browsers, FTP and e-mail clients and other applications, posts them to its gate (the C2 URLs above), and can also download and run further payloads.

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check to avoid running in certain regions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers target stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Unsecured Credentials: Credentials In Files (ATT&CK T1552.001)

      Reads credentials that applications keep in plaintext or weakly protected configuration files.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Hide Artifacts: Hidden Files and Directories (ATT&CK T1564.001)

    • UPX packed file

      The executable is packed with UPX or a modified UPX build. Unpack it before static analysis, since the packed image hides strings and imports; a stock upx -d may refuse a sample whose UPX headers were tampered with, in which case dump it from memory after it unpacks itself.
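
The behaviours in the list above map directly onto host telemetry. The following added example (not part of the original report, and not the sandbox's own signature logic) runs a small rule set over constructed, Sysmon-style event records; the registry paths and file names each rule matches are assumptions about what the corresponding signature looks for, not values recovered from this sample.

```python
"""Host-side detection for the behaviours listed in this report.

Added example, not part of the original report. Events are dicts with
'pid', 'image', 'op' and 'target'; the paths in RULES are assumptions
about what each sandbox signature above matches.
"""
import re
from collections import defaultdict

# Each rule: (name, operation, compiled regex on the target path).
RULES = [
    ("persistence_run_key", "RegSetValue",
     re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    ("enumerates_installed_software", "RegOpenKey",
     re.compile(r"\\CurrentVersion\\Uninstall\\", re.I)),
    ("checks_country_code", "RegQueryValue",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("reads_ftp_client_config", "FileRead",
     re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I)),
    ("reads_browser_credentials", "FileRead",
     re.compile(r"(\\Login Data|\\logins\.json)$", re.I)),
    ("drops_file_in_drivers_dir", "FileCreate",
     re.compile(r"\\System32\\drivers\\", re.I)),
]

# Installers and updaters also trip the enumeration and driver rules, so
# credential-store access carries more weight than those on their own.
WEIGHTS = {
    "reads_ftp_client_config": 3,
    "reads_browser_credentials": 3,
    "persistence_run_key": 2,
    "drops_file_in_drivers_dir": 2,
    "checks_country_code": 1,
    "enumerates_installed_software": 1,
}


def evaluate(events):
    """Return {pid: {"image", "rules" (sorted names), "score"}}."""
    hits = defaultdict(lambda: {"image": None, "rules": set()})
    for ev in events:
        for name, op, pattern in RULES:
            if ev["op"] == op and pattern.search(ev["target"]):
                hits[ev["pid"]]["image"] = ev["image"]
                hits[ev["pid"]]["rules"].add(name)
    report = {}
    for pid, h in hits.items():
        rules = sorted(h["rules"])
        report[pid] = {"image": h["image"], "rules": rules,
                       "score": sum(WEIGHTS[r] for r in rules)}
    return report


def is_infostealer_like(entry, threshold=6):
    """A process that reads credential stores and also persists or
    enumerates the host looks like Pony; enumeration alone does not."""
    reads_creds = any(r.startswith("reads_") for r in entry["rules"])
    return reads_creds and entry["score"] >= threshold


# Constructed events (not the sample's real trace). pid 4120 mimics the
# stealer; pid 880 mimics a benign installer that shares two behaviours.
STEALER = r"C:\Users\u\AppData\Local\Temp\sample.exe"
INSTALLER = r"C:\Windows\System32\msiexec.exe"
SAMPLE_EVENTS = [
    {"pid": 4120, "image": STEALER, "op": "RegQueryValue",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 4120, "image": STEALER, "op": "RegOpenKey",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 4120, "image": STEALER, "op": "FileRead",
     "target": r"C:\Users\u\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 4120, "image": STEALER, "op": "FileRead",
     "target": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "image": STEALER, "op": "RegSetValue",
     "target": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost"},
    {"pid": 880, "image": INSTALLER, "op": "RegOpenKey",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo"},
    {"pid": 880, "image": INSTALLER, "op": "FileCreate",
     "target": r"C:\Windows\System32\drivers\foo.sys"},
]

if __name__ == "__main__":
    for pid, entry in evaluate(SAMPLE_EVENTS).items():
        flag = "SUSPECT" if is_infostealer_like(entry) else "ok"
        print(f"{flag:7} pid={pid} score={entry['score']} {entry['rules']}")
```

Scoring per process rather than per event is the point: any single rule here fires on legitimate software, but one process reading FileZilla and Chrome credential stores and then writing a Run key is the combination this report describes.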

MITRE ATT&CK Enterprise v15

Tasks