Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

ab19c4a06c...18.exe

windows7-x64

10

ab19c4a06c...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ab19c4a06c8b2bf7f5c9284a2be652a4_JaffaCakes118

  • Size

    2.6MB

  • Sample

    240614-wxwbxsvgrl

  • MD5

    ab19c4a06c8b2bf7f5c9284a2be652a4

  • SHA1

    436e60116c0bc7b75cb31b0fb782178f3e2aaf50

  • SHA256

    6f57e5066cc57098ef18b76787f2d42b496545a231bd86c863d1e7e3c969dad8

  • SHA512

    fbc528c7a6921c39194870b8018fcc025b11fe83b375a0988c7664d820ed28f5b1a5e35741b0e9aa86dba2de3e584976d3fc9de01ecf530c4ca3a0f6d68936c1

  • SSDEEP

    49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrls:86SIROiFJiwp0xlrls

Score
10/10
ponyevasionpersistenceratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes
  • payload_url

    http://don.service-master.eu/shit.exe

Targets

    • Target

      ab19c4a06c8b2bf7f5c9284a2be652a4_JaffaCakes118

    • Size

      2.6MB

    • MD5

      ab19c4a06c8b2bf7f5c9284a2be652a4

    • SHA1

      436e60116c0bc7b75cb31b0fb782178f3e2aaf50

    • SHA256

      6f57e5066cc57098ef18b76787f2d42b496545a231bd86c863d1e7e3c969dad8

    • SHA512

      fbc528c7a6921c39194870b8018fcc025b11fe83b375a0988c7664d820ed28f5b1a5e35741b0e9aa86dba2de3e584976d3fc9de01ecf530c4ca3a0f6d68936c1

    • SSDEEP

      49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrls:86SIROiFJiwp0xlrls

    Score
    10/10
    ponyevasionpersistenceratspywarestealer

    • Modifies WinLogon for persistence

      persistence

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Modifies Installed Components in the registry

      persistence

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.