General

  • Target

    86c20760edac3503e9cbffb18e9c0ffd_JaffaCakes118

  • Size

    90KB

  • Sample

    240531-m1a1qafg89

  • MD5

    86c20760edac3503e9cbffb18e9c0ffd

  • SHA1

    e97eb0b6e8489002189f074efdaf44896ba1b175

  • SHA256

    eaf3a35a01a43d0be584a1418126e1203836f874b7c9517ebceada3068b6b62c

  • SHA512

    b40d2db4443ac625337ef67f4cc0e3efcf4f3d4fc178b5054d0f3fad426f078ed673c0fb2317844c79b2d3c6a56ce4d9ca20e2493582548077487d4221626188

  • SSDEEP

    1536:UnSncgyGqTDRXmGcwSCfZDalZNg9tvo0iO3AX4ApTvMEIckzmt2l:2SnMuGc/CfZDap6COU45EIwtm

Malware Config

Extracted

Family

pony

C2

http://b4mb4m.ru/kek/

Attributes
  • payload_url

    http://185.222.202.114/uploads/uploads/update_z.exe
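The extracted config gives two network indicators: the Pony gateway URL the stealer reports to, and the payload_url it pulls a second-stage executable from. The script below is an added example, not part of the Triage report, that turns those two URLs and the sample hashes into a small matcher and runs it over constructed proxy log lines. The log layout (unix timestamp, client IP, method, URL, status) is an assumption, as is the labelling of a POST to the gateway as the strongest signal; that rests on Pony's documented habit of submitting stolen credentials by HTTP POST, which this report does not itself show.

```python
"""
Added example (not from the Triage report): match the network IOCs from the
extracted Pony config against constructed proxy log lines and correlate the
hits per client into an infection chain.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Indicators copied from the "Malware Config" section of the report.
C2_URL = "http://b4mb4m.ru/kek/"
PAYLOAD_URL = "http://185.222.202.114/uploads/uploads/update_z.exe"
SAMPLE_HASHES = {
    "md5": "86c20760edac3503e9cbffb18e9c0ffd",
    "sha1": "e97eb0b6e8489002189f074efdaf44896ba1b175",
    "sha256": "eaf3a35a01a43d0be584a1418126e1203836f874b7c9517ebceada3068b6b62c",
}
IOC_HOSTS = {urlparse(C2_URL).hostname, urlparse(PAYLOAD_URL).hostname}

# Constructed log lines in an assumed simplified layout:
# <unix_ts> <client_ip> <method> <url> <status>
PROXY_LOG = """\
1717150001 10.0.0.21 GET http://example.com/index.html 200
1717150042 10.0.0.21 POST http://b4mb4m.ru/kek/ 200
1717150050 10.0.0.21 GET http://185.222.202.114/uploads/uploads/update_z.exe 200
1717150077 10.0.0.33 GET http://b4mb4m.ru/kek/ 200
1717150090 10.0.0.44 GET http://b4mb4m.ru/news/ 404
"""
LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+([A-Z]+)\s+(\S+)\s+(\d{3})$")


def classify_url(url, method):
    """Return a hit label for a request, or None if it touches no IOC.

    Pony is known to POST stolen credentials to its gateway, so a POST to the
    exact C2 URL is the strongest signal; a GET to that URL or any request to
    an IOC host is still worth a look.
    """
    if url == C2_URL:
        return "pony_c2_post" if method == "POST" else "pony_c2_url"
    if url == PAYLOAD_URL:
        return "pony_payload_download"
    if urlparse(url).hostname in IOC_HOSTS:
        return "ioc_host_contact"
    return None


def match_proxy_log(log_text):
    """Parse the constructed proxy lines and return one dict per IOC hit."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of crashing on them
        ts, client, method, url, status = m.groups()
        label = classify_url(url, method)
        if label:
            hits.append({"ts": int(ts), "client": client, "method": method,
                         "url": url, "status": int(status), "label": label})
    return hits


def infection_chains(hits):
    """Group hits by client. A client that both beaconed to the gateway and
    fetched the payload_url shows the full loader chain from this sample."""
    by_client = defaultdict(set)
    for h in hits:
        by_client[h["client"]].add(h["label"])
    chains = {}
    for client, labels in by_client.items():
        beacon = bool(labels & {"pony_c2_post", "pony_c2_url"})
        payload = "pony_payload_download" in labels
        if beacon and payload:
            chains[client] = "full_chain"
        elif beacon:
            chains[client] = "beacon_only"
        else:
            chains[client] = "host_contact"
    return chains


def hash_algorithm_match(digest):
    """Compare a hex digest (any case) with the report's hashes and return the
    algorithm it matches, or None."""
    d = digest.strip().lower()
    for algo, known in SAMPLE_HASHES.items():
        if d == known:
            return algo
    return None


if __name__ == "__main__":
    found = match_proxy_log(PROXY_LOG)
    for h in found:
        print(h)
    print(infection_chains(found))
```

Matching on the exact URL rather than only the host matters here: the gateway path `/kek/` is what distinguishes this Pony build's traffic from unrelated requests to the same domain, which the matcher still surfaces at a lower confidence as `ioc_host_contact`.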

Targets

    • Target

      86c20760edac3503e9cbffb18e9c0ffd_JaffaCakes118

    • Pony,Fareit

      Pony (also tracked as Fareit) is a credential-stealing trojan: it harvests saved passwords from web browsers, FTP clients and mail clients, submits them to its C2 gateway, and commonly acts as a loader for a second-stage executable, which is what the payload_url in the extracted config points to.

    • Checks computer location settings

      Reads the country code configured in the registry; this is typically used to geofence execution.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files of FTP clients such as FileZilla, which store saved server credentials.

    • Reads user/profile data of web browsers

      Infostealers target stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
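The signatures above are behavioural: each one fires on a registry or file access the sample makes while collecting credentials and profiling the host. The following is an added example, not Triage's own rule set, of how such signatures can be re-derived from flattened Sysmon-style registry and file events. The key paths and file names in the rules are this example's assumptions about what each signature looks for, the sample image path is constructed (the report does not give an on-disk name), and the event stream is constructed to exercise every signature plus one benign read.

```python
"""
Added example (not part of the Triage report): a small rule engine that
re-derives the host-behaviour signatures above from constructed Sysmon-style
events. Paths in the rules are assumptions about what each signature looks
for, not Triage's own rule definitions.
"""
import re
from collections import defaultdict

# Constructed sample image path; the report does not give the on-disk name.
SAMPLE_IMAGE = r"C:\Users\victim\AppData\Local\Temp\sample.exe"

# (signature name as printed in the report, event type, regex on the target)
RULES = [
    ("Checks computer location settings", "reg_query",
     r"\\Control Panel\\International\\Geo\\Nation$"),
    ("Reads data files stored by FTP clients", "file_read",
     r"\\FileZilla\\(sitemanager|recentservers)\.xml$"),
    ("Reads user/profile data of web browsers", "file_read",
     r"\\(Mozilla\\Firefox\\profiles\.ini|Google\\Chrome\\User Data\\Default\\Login Data)$"),
    ("Accesses Microsoft Outlook profiles", "reg_query",
     r"\\Windows Messaging Subsystem\\Profiles"),
    ("Accesses Microsoft Outlook accounts", "reg_query",
     r"\\Office\\[\d.]+\\Outlook\\Profiles\\"),
    ("Checks installed software on the system", "reg_query",
     r"\\CurrentVersion\\Uninstall$"),
]
COMPILED = [(name, etype, re.compile(rx, re.IGNORECASE)) for name, etype, rx in RULES]

# Signatures that read credential stores; two or more together is the
# infostealer pattern this sample exhibits.
CREDENTIAL_SIGNATURES = {
    "Reads data files stored by FTP clients",
    "Reads user/profile data of web browsers",
    "Accesses Microsoft Outlook profiles",
    "Accesses Microsoft Outlook accounts",
}


def ev(etype, target, image=SAMPLE_IMAGE):
    """Build one constructed event (assumed flattened Sysmon fields)."""
    return {"image": image, "type": etype, "target": target}


# Constructed event stream for one process, in the order a stealer would
# plausibly emit them; the kernel32.dll read is benign noise.
EVENTS = [
    ev("reg_query", r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"),
    ev("reg_query", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ev("file_read", r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"),
    ev("file_read", r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\profiles.ini"),
    ev("reg_query", r"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion"
                    r"\Windows Messaging Subsystem\Profiles\Outlook"),
    ev("reg_query", r"HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    ev("file_read", r"C:\Windows\System32\kernel32.dll"),
    ev("file_delete", SAMPLE_IMAGE),
]


def evaluate(events):
    """Map events to signature names; returns {signature: [matched targets]}."""
    hits = defaultdict(list)
    for e in events:
        for name, etype, rx in COMPILED:
            if e["type"] == etype and rx.search(e["target"]):
                hits[name].append(e["target"])
        # "Deletes itself": the process removes its own image from disk.
        if e["type"] == "file_delete" and e["target"].lower() == e["image"].lower():
            hits["Deletes itself"].append(e["target"])
    return dict(hits)


def verdict(hits):
    """Coarse triage verdict from how many credential stores were touched."""
    touched = CREDENTIAL_SIGNATURES & set(hits)
    if len(touched) >= 2:
        return "infostealer"
    if touched:
        return "suspicious"
    return "clean"


if __name__ == "__main__":
    result = evaluate(EVENTS)
    for name, targets in result.items():
        print(f"{name}: {targets}")
    print("verdict:", verdict(result))
```

The verdict deliberately requires more than one credential store: a single FileZilla or browser profile read is common in legitimate software (backup tools, sync clients), whereas FTP, browser and Outlook stores being read by the same process in one run is the stealer pattern this report documents.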

MITRE ATT&CK Enterprise v15

Tasks