
General

  • Target

    a8ee83b6293a51cebf7ecb038b27d302_JaffaCakes118

  • Size

    2.6MB

  • Sample

    240614-lafmvaxhnm

  • MD5

    a8ee83b6293a51cebf7ecb038b27d302

  • SHA1

    09e5a75e94913778bd10f3390c244ae61107ab86

  • SHA256

    912d3a314e4c1bba441a12b13461bbdd13b9309a58ecdeb05f52989aaee66aa6

  • SHA512

    0b73174f8108fb115c7228b8fd46930a40c0dfd52b4e914e8642fe9ecd05dd8ce83963a8f4317bf3b095646c0c7f12717004b1c4491036610ad7b8e429d5ac7e

  • SSDEEP

    49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlQ:86SIROiFJiwp0xlrlQ

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes
  • payload_url

    http://don.service-master.eu/shit.exe
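The extracted config above gives two network indicators: the gate the sample reports to and the URL it fetches its next stage from. The following script is an added example, not part of the Triage report or the Triage platform, showing how an analyst would turn that config into a proxy-log sweep: URLs are normalised (host lower-cased, default port dropped) so that a minor variation in how the client wrote the request still matches, exact URL hits are tagged by indicator kind, and any other request to the same host is surfaced separately. The proxy log lines are constructed for illustration and do not come from the report.

```python
"""Sweep proxy logs for the C2 and payload URLs from an extracted Pony config.

Added example; not code from the Triage report or platform. The indicators are
taken from the report's Malware Config section; the log lines are constructed.
"""
from urllib.parse import urlsplit

# Indicators as listed in the report's "Malware Config" section.
EXTRACTED_CONFIG = {
    "family": "pony",
    "c2": ["http://don.service-master.eu/gate.php"],
    "payload_url": ["http://don.service-master.eu/shit.exe"],
}

# Constructed proxy log (not from the report): "<client> <method> <url> <status>".
SAMPLE_PROXY_LOG = """\
10.0.0.5 GET http://example.com/index.html 200
10.0.0.7 POST http://don.service-master.eu/gate.php 200
10.0.0.7 GET http://DON.service-master.eu:80/shit.exe 200
10.0.0.9 GET http://don.service-master.eu/other.php 404
10.0.0.9 GET http://service-master.eu/gate.php 200
"""


def normalize(url):
    """Return (host, path): host lower-cased, default port dropped, empty path as '/'."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    return host, path


def build_indicators(config):
    """Map normalised (host, path) -> indicator kind ('c2' or 'payload_url')."""
    indicators = {}
    for kind in ("c2", "payload_url"):
        for url in config.get(kind, []):
            indicators[normalize(url)] = kind
    return indicators


def scan_proxy_log(log_text, config):
    """Return a list of (client_ip, kind, url) for every line touching an indicator.

    Exact URL matches carry their config kind; other requests to an indicator
    host are reported as 'c2_host_other_path' so a changed gate path is not missed.
    """
    indicators = build_indicators(config)
    indicator_hosts = {host for host, _ in indicators}
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line; skip rather than crash the sweep
        client, _method, url, _status = fields[:4]
        host, path = normalize(url)
        kind = indicators.get((host, path))
        if kind is None and host in indicator_hosts:
            kind = "c2_host_other_path"
        if kind is not None:
            hits.append((client, kind, url))
    return hits


if __name__ == "__main__":
    for client, kind, url in scan_proxy_log(SAMPLE_PROXY_LOG, EXTRACTED_CONFIG):
        print(f"{client}\t{kind}\t{url}")
```

Matching is on the exact host, so the line requesting `gate.php` from the parent domain `service-master.eu` is deliberately not flagged; if the campaign rotates subdomains, widen the host check to the registered domain, but expect more noise from a legitimately shared domain.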

Targets

    • Target

      a8ee83b6293a51cebf7ecb038b27d302_JaffaCakes118

    • Size

      2.6MB

    • MD5

      a8ee83b6293a51cebf7ecb038b27d302

    • SHA1

      09e5a75e94913778bd10f3390c244ae61107ab86

    • SHA256

      912d3a314e4c1bba441a12b13461bbdd13b9309a58ecdeb05f52989aaee66aa6

    • SHA512

      0b73174f8108fb115c7228b8fd46930a40c0dfd52b4e914e8642fe9ecd05dd8ce83963a8f4317bf3b095646c0c7f12717004b1c4491036610ad7b8e429d5ac7e

    • SSDEEP

      49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlQ:86SIROiFJiwp0xlrlQ

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Pony, Fareit

      Pony (also tracked as Fareit) is an information-stealing trojan that harvests stored credentials from the host and can download and run additional payloads, which matches the payload_url in the extracted config.

    • Modifies Installed Components in the registry

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
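Four of the signatures above (Winlogon, Run key, Installed Components, Explorer hidden-file settings) are registry writes to well-known persistence and evasion locations. The script below is an added example, not Triage's signature code, that shows the detection logic behind those names run over Sysmon-style registry value-set records (Event ID 13: writing image, target value, data). Each rule is a regex on the target value path; a hit from an image outside C:\Windows\ is rated high, one from a system binary is kept as informational so that a user toggling hidden files in Explorer does not page anyone. All event records are constructed for illustration, including the dummy Active Setup GUID.

```python
"""Flag registry writes matching the persistence and evasion behaviours named in
the report. Added example; not Triage's own signature logic. Event records are
constructed to resemble Sysmon Event ID 13 (RegistryEvent, value set)."""
import re

# Signature name -> pattern over the registry value path (TargetObject).
RULES = [
    ("Modifies WinLogon for persistence",
     re.compile(r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Userinit|Shell)$", re.I)),
    ("Adds Run key to start application",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)),
    ("Modifies Installed Components in the registry",
     re.compile(r"\\Microsoft\\Active Setup\\Installed Components\\\{[^}]+\}\\StubPath$", re.I)),
    ("Modifies visibility of hidden/system files in Explorer",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\(Hidden|ShowSuperHidden)$", re.I)),
]

# Constructed events (not from the report): (Image, TargetObject, Details).
DROPPED = r"C:\Users\user\AppData\Roaming\svchost.exe"
SAMPLE_EVENTS = [
    (DROPPED, r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     r"C:\Windows\system32\userinit.exe," + DROPPED),
    (DROPPED, r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Update", DROPPED),
    (DROPPED, r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"
              r"\{00000000-0000-0000-0000-000000000000}\StubPath", DROPPED),
    (DROPPED, r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "DWORD (0x00000002)"),
    # Benign: the user toggled "show hidden files" through Explorer itself.
    (r"C:\Windows\explorer.exe",
     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "DWORD (0x00000001)"),
    # Unrelated service write; must not match any rule.
    (r"C:\Windows\System32\services.exe",
     r"HKLM\System\CurrentControlSet\Services\Dnscache\Start", "DWORD (0x00000002)"),
]


def is_system_image(image):
    """Crude writer-trust heuristic: binaries under C:\\Windows\\ are 'system'."""
    return image.lower().startswith("c:\\windows\\")


def evaluate(events):
    """Return one finding per (event, rule) match with a severity rating."""
    findings = []
    for image, target, details in events:
        for name, pattern in RULES:
            if pattern.search(target):
                findings.append({
                    "signature": name,
                    "image": image,
                    "target": target,
                    "details": details,
                    "severity": "info" if is_system_image(image) else "high",
                })
    return findings


def high_severity(events):
    """Convenience: only the findings an analyst should act on."""
    return [f for f in evaluate(events) if f["severity"] == "high"]


if __name__ == "__main__":
    for f in evaluate(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['signature']}: {f['image']} -> {f['target']}")
```

The writer-path heuristic is only a first filter: malware that drops into C:\Windows\Temp would be rated informational by it, so in a real pipeline pair it with the image's signer or hash rather than its path, and for the Winlogon rule also compare the new Userinit/Shell data against the defaults (userinit.exe and explorer.exe) rather than alerting on the write alone.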

MITRE ATT&CK Enterprise v15

Tasks