Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    a6a053001ee8d0a8458d1a17f0f8dedf_JaffaCakes118

  • Size

    2.2MB

  • Sample

    240613-z8bnfathpq

  • MD5

    a6a053001ee8d0a8458d1a17f0f8dedf

  • SHA1

    ab63a37e8d87ab70002c4eb596645f1d3ec175cf

  • SHA256

    e88a8b2d20f6a2286579a5a28fdd79c7247f64241352fb8f65f186d600266cab

  • SHA512

    49ef397ddc4d0eb53ab1be9b8f45715264766935987a89dc38e03a7ad8c9e2534cc44b99de7ac0d43ef38e91ac7f1590ce20466f7897c8c155cfecf4298c78fe

  • SSDEEP

    24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZ+:0UzeyQMS4DqodCnoe+iitjWwwi

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes
  • payload_url

    http://don.service-master.eu/shit.exe

Targets

    • Target

      a6a053001ee8d0a8458d1a17f0f8dedf_JaffaCakes118

    • Size

      2.2MB

    • MD5

      a6a053001ee8d0a8458d1a17f0f8dedf

    • SHA1

      ab63a37e8d87ab70002c4eb596645f1d3ec175cf

    • SHA256

      e88a8b2d20f6a2286579a5a28fdd79c7247f64241352fb8f65f186d600266cab

    • SHA512

      49ef397ddc4d0eb53ab1be9b8f45715264766935987a89dc38e03a7ad8c9e2534cc44b99de7ac0d43ef38e91ac7f1590ce20466f7897c8c155cfecf4298c78fe

    • SSDEEP

      24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZ+:0UzeyQMS4DqodCnoe+iitjWwwi

    • Modifies WinLogon for persistence

    • Modifies visiblity of hidden/system files in Explorer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Modifies Installed Components in the registry

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks