General

  • Target

    JaffaCakes118_ab0ccf34a5baa58b51003748c4b2970c

  • Size

    43KB

  • Sample

    250410-vnahesxpy6

  • MD5

    ab0ccf34a5baa58b51003748c4b2970c

  • SHA1

    bfcda08f29a46643d7826b40aaa755cfc3b9094a

  • SHA256

    c995e4e5278b623f2af81ac077dd3a5ca97ae2488f54ec6516413eb049fab9c8

  • SHA512

    82766bf4ee484f039eeea8de5fc1f1b84d9217acc8e64e4a3d0662140daff589a07124e42c647f190f436fe61337884113b95f65269aa1d5d780baea5b672412

  • SSDEEP

    768:U35ND5lWxjbbx7u3GUiGzbA2u33/JtBTQ9sHqC/39N35AuKDnMpca:6/D7IB3GQ3t1isT9rAufca

Malware Config

Extracted

Family

pony

C2

http://oianowifna.ru/downloadcenter/z.php?ftp=1

http://aifaowdnawd.ru/downloadcenter/z.php?ftp=1

Targets

    • Target

      JaffaCakes118_ab0ccf34a5baa58b51003748c4b2970c

    • Size

      43KB

    • MD5

      ab0ccf34a5baa58b51003748c4b2970c

    • SHA1

      bfcda08f29a46643d7826b40aaa755cfc3b9094a

    • SHA256

      c995e4e5278b623f2af81ac077dd3a5ca97ae2488f54ec6516413eb049fab9c8

    • SHA512

      82766bf4ee484f039eeea8de5fc1f1b84d9217acc8e64e4a3d0662140daff589a07124e42c647f190f436fe61337884113b95f65269aa1d5d780baea5b672412

    • SSDEEP

      768:U35ND5lWxjbbx7u3GUiGzbA2u33/JtBTQ9sHqC/39N35AuKDnMpca:6/D7IB3GQ3t1isT9rAufca

    • Pony family

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v16