Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

a6a053001e...18.exe

windows7-x64

10

a6a053001e...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a6a053001ee8d0a8458d1a17f0f8dedf_JaffaCakes118

  • Size

    2.2MB

  • Sample

    240613-z8bnfathpq

  • MD5

    a6a053001ee8d0a8458d1a17f0f8dedf

  • SHA1

    ab63a37e8d87ab70002c4eb596645f1d3ec175cf

  • SHA256

    e88a8b2d20f6a2286579a5a28fdd79c7247f64241352fb8f65f186d600266cab

  • SHA512

    49ef397ddc4d0eb53ab1be9b8f45715264766935987a89dc38e03a7ad8c9e2534cc44b99de7ac0d43ef38e91ac7f1590ce20466f7897c8c155cfecf4298c78fe

  • SSDEEP

    24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZ+:0UzeyQMS4DqodCnoe+iitjWwwi

Score
10/10
ponyevasionpersistenceratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes
  • payload_url

    http://don.service-master.eu/shit.exe

Targets

    • Target

      a6a053001ee8d0a8458d1a17f0f8dedf_JaffaCakes118

    • Size

      2.2MB

    • MD5

      a6a053001ee8d0a8458d1a17f0f8dedf

    • SHA1

      ab63a37e8d87ab70002c4eb596645f1d3ec175cf

    • SHA256

      e88a8b2d20f6a2286579a5a28fdd79c7247f64241352fb8f65f186d600266cab

    • SHA512

      49ef397ddc4d0eb53ab1be9b8f45715264766935987a89dc38e03a7ad8c9e2534cc44b99de7ac0d43ef38e91ac7f1590ce20466f7897c8c155cfecf4298c78fe

    • SSDEEP

      24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZ+:0UzeyQMS4DqodCnoe+iitjWwwi

    Score
    10/10
    ponyevasionpersistenceratspywarestealer

    • Modifies WinLogon for persistence

      persistence

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Modifies Installed Components in the registry

      persistence

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.