General

  • Target

    1257a612033f26ccbcbdaec9ed42c2b8_JaffaCakes118

  • Size

    2.6MB

  • Sample

    240504-mnrgyaeb33

  • MD5

    1257a612033f26ccbcbdaec9ed42c2b8

  • SHA1

    c8880924a50fe7584043a77628d03aeb8c773dec

  • SHA256

    717637a6402f6c44db3e86b4e747243f7af30e70da8f1d25adc44ab3de03b3c4

  • SHA512

    3f3db425e40f1ec28820dacad50b2ccc57b64ef85928a1b3d6ea557a88a45a8e4ed862d991046ad40a73b482a4df92c432efcbcfd3580c0df7735f05fae576b1

  • SSDEEP

    49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrly:86SIROiFJiwp0xlrly

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes

  • payload_url

    http://don.service-master.eu/shit.exe

Targets

    • Target

      1257a612033f26ccbcbdaec9ed42c2b8_JaffaCakes118

    • Size

      2.6MB

    • MD5

      1257a612033f26ccbcbdaec9ed42c2b8

    • SHA1

      c8880924a50fe7584043a77628d03aeb8c773dec

    • SHA256

      717637a6402f6c44db3e86b4e747243f7af30e70da8f1d25adc44ab3de03b3c4

    • SHA512

      3f3db425e40f1ec28820dacad50b2ccc57b64ef85928a1b3d6ea557a88a45a8e4ed862d991046ad40a73b482a4df92c432efcbcfd3580c0df7735f05fae576b1

    • SSDEEP

      49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrly:86SIROiFJiwp0xlrly

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Modifies Installed Components in the registry

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks