General

  • Target

    a83c27a32619e36f49cc7c3502bd4e43_JaffaCakes118

  • Size

    2.6MB

  • Sample

    240614-gpypraxeqa

  • MD5

    a83c27a32619e36f49cc7c3502bd4e43

  • SHA1

    4d24161a848417e26bf4488cd40f02f83ef6cc43

  • SHA256

    93cf920aa2c41def09a76a43d93d6e867c1d7b8152c1bcbe3d6a80aabc577a83

  • SHA512

    c6576c0c0129cf5e8eb3d5f59548fb241b2f1438c86267ca1ccb63a6b3c459062145e9879b334d67548d874311eb0d5a18b096d1bea8b016e26e8e99a3a5dc35

  • SSDEEP

    49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrle:86SIROiFJiwp0xlrle

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes
  • payload_url

    http://don.service-master.eu/shit.exe

Targets

    • Target

      a83c27a32619e36f49cc7c3502bd4e43_JaffaCakes118


    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Modifies Installed Components in the registry

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks