General

  • Target: ab44967a87b99eaa15fa71940db9a2ba_JaffaCakes118
  • Size: 2.6MB
  • Sample: 240614-y1dx6axhpq
  • MD5: ab44967a87b99eaa15fa71940db9a2ba
  • SHA1: 34040e5693947a90b03186ec49b5f5398e234e52
  • SHA256: aa861880f6e18f2682b1647ebe54fc51cd62c689fd443e0803fd969b465a2235
  • SHA512: 7618192d7a84eab0992988210ce22f26f0d7761edb76fe423d555a7b966149ec6b162c5838c5166fd59d7fdeb1f42b74c472b16ce2dc338cdc9f89c169601e71
  • SSDEEP: 49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlH:86SIROiFJiwp0xlrlH

Malware Config

Extracted

  • Family: pony
  • C2: http://don.service-master.eu/gate.php
  • Attributes
    • payload_url: http://don.service-master.eu/shit.exe

Targets

    • Target: ab44967a87b99eaa15fa71940db9a2ba_JaffaCakes118

    • Modifies WinLogon for persistence
    • Modifies visibility of hidden/system files in Explorer
    • Pony, Fareit
      Pony is a Remote Access Trojan application that steals information.
    • Modifies Installed Components in the registry
    • Drops startup file
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
