General

  • Target

    JaffaCakes118_8b917aa9ad65c54f3296a1b9ce2708ed

  • Size

    71KB

  • Sample

    250329-vke9hazmv2

  • MD5

    8b917aa9ad65c54f3296a1b9ce2708ed

  • SHA1

    eae28c71dc7bbe8b3f19b60db27313866f6ec4d9

  • SHA256

    e93bfbef47d7a0c6e0f0e46712361cab1fbc50b1e2d75cea00c102e65bb7f104

  • SHA512

    e779f6296ab6eda047f429d62a18d63871e0807b93c32f1cfa828e0dec00ed7328923652b3d7daade9c2c175e787269b461c65a391b6ff1caae1839b31ba8a7b

  • SSDEEP

    1536:uURx8UoraF1mGiokMBkGzcr2kt2T/LrcnVzOk9FZiTj:fx8UormmPp4pcJt2T/LrcVKYS

Malware Config

Extracted

Family

pony

C2

http://newjull.nl-web.net/hotfix.php

Attributes

  • payload_url

    http://190.120.237.228/adv/flp_pp_2dsmkl.exe

Targets

    • Target

      JaffaCakes118_8b917aa9ad65c54f3296a1b9ce2708ed


    • Pony family

    • Pony, Fareit

      Pony is a Remote Access Trojan that steals information from the infected host.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15