General

  • Target

    ac20bbf48818f1344aa1ed1af7e507f1_JaffaCakes118

  • Size

    2.2MB

  • Sample

    240615-aajhys1gre

  • MD5

    ac20bbf48818f1344aa1ed1af7e507f1

  • SHA1

    a1d8ee0c2c043a62ba446a7a1b723209923677e0

  • SHA256

    62e126a1f8c618df5dbbe0b11adba28134457486606d217e720fe324b6d12a58

  • SHA512

    e608ccbaa4d8ac7f6ad150e339410d27ac4a1a9e9c3a44c885373b23e4fa42137a464953612ccd1135b7f73e2e082cc483b899b6263edc3a6f383f8fab1061c0

  • SSDEEP

    24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZ3:0UzeyQMS4DqodCnoe+iitjWwwL

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes
  • payload_url

    http://don.service-master.eu/shit.exe
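
The extracted config gives the two network indicators a responder actually needs: the C2 gate the stealer posts to and the URL it fetches its second stage from. The following script is an added example (not tria.ge or the sample's code) that turns those two URLs into a host/path indicator set, emits Suricata rules for them, and sweeps proxy log lines for hits. Only the two URLs come from the report; the Squid-format log lines, client addresses, the 203.0.113.7 resolution and the SID range are constructed assumptions.

```python
"""Turn the Pony configuration extracted above into network indicators and
sweep proxy logs for them. Added example, not tria.ge or the sample's code.
Only the two URLs come from the report; the log lines, client IPs and the
203.0.113.7 resolution are constructed for the demo."""
from urllib.parse import urlsplit

C2_GATE = "http://don.service-master.eu/gate.php"      # from "C2" above
PAYLOAD_URL = "http://don.service-master.eu/shit.exe"  # from "payload_url" above
IOC_URLS = (C2_GATE, PAYLOAD_URL)


def indicators(urls):
    """Split URLs into a host set and a path set (both usable as block/alert lists)."""
    hosts, paths = set(), set()
    for url in urls:
        parts = urlsplit(url)
        hosts.add(parts.hostname.lower())
        paths.add(parts.path)
    return hosts, paths


def suricata_rules(urls, sid_base=9000001):
    """One Suricata 5+ rule per URL, matching host and URI on client->server HTTP.
    sid_base is an assumption: pick it from your own local SID range."""
    rules = []
    for i, url in enumerate(urls):
        parts = urlsplit(url)
        rules.append(
            'alert http $HOME_NET any -> $EXTERNAL_NET any '
            f'(msg:"Pony C2 {parts.path}"; flow:established,to_server; '
            f'http.host; content:"{parts.hostname}"; '
            f'http.uri; content:"{parts.path}"; sid:{sid_base + i}; rev:1;)'
        )
    return rules


def scan_log(lines, urls):
    """Squid native access.log lines (URL is the 7th field). Returns
    (line_no, url, "path" | "host-only") for every request to a C2 host; a
    host-only hit means new activity against the same infrastructure."""
    hosts, paths = indicators(urls)
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 7:
            continue
        parts = urlsplit(fields[6])
        if parts.hostname and parts.hostname.lower() in hosts:
            hits.append((n, fields[6], "path" if parts.path in paths else "host-only"))
    return hits


# Constructed proxy log: a gate check-in, the payload download, unrelated traffic,
# and a request to the C2 host for a path the report does not list.
SAMPLE_LOG = """\
1718409600.123    45 10.0.0.15 TCP_MISS/200 1532 POST http://don.service-master.eu/gate.php - HIER_DIRECT/203.0.113.7 text/html
1718409601.456   210 10.0.0.15 TCP_MISS/200 2306891 GET http://don.service-master.eu/shit.exe - HIER_DIRECT/203.0.113.7 application/octet-stream
1718409602.789    12 10.0.0.22 TCP_MISS/200 512 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1718409603.000     9 10.0.0.31 TCP_MISS/404 310 GET http://don.service-master.eu/favicon.ico - HIER_DIRECT/203.0.113.7 text/html
""".splitlines()

if __name__ == "__main__":
    for rule in suricata_rules(IOC_URLS):
        print(rule)
    for hit in scan_log(SAMPLE_LOG, IOC_URLS):
        print(hit)
```

Match on the host as well as the exact paths: the operator can rename gate.php or rotate the payload name without changing the domain, so a host-only hit on an already-known C2 host is worth an alert even when the path is new.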

Targets

    • Target

      ac20bbf48818f1344aa1ed1af7e507f1_JaffaCakes118


    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Pony, Fareit

      Pony (also tracked as Fareit) is a credential stealer and downloader rather than a full remote-access trojan: it harvests stored credentials from browsers, FTP and e-mail clients and similar software, posts them to its C2 gate (here gate.php), and can fetch and execute a further payload (here the payload_url above).

    • Modifies Installed Components in the registry

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
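
The persistence behaviours listed above map to a handful of registry launch points: the Winlogon Shell/Userinit values, the Run keys, Active Setup "Installed Components" StubPath entries, and the Explorer switches that hide hidden/system files. The following script is an added example (not tria.ge or the sample's code) of how a responder would audit those locations on a suspect host. audit() works on a snapshot of (key, value_name, data) tuples so the logic runs offline; collect_live() fills that snapshot from a real Windows host via winreg. The sample snapshot, its victim paths, the svhost.exe file name and the component GUIDs are constructed, not taken from the report.

```python
"""Audit the registry launch points this sample touches: Winlogon Shell/Userinit,
Run keys, Active Setup "Installed Components" StubPath values and the Explorer
hidden-file switches. Added example (not tria.ge or the sample's code). audit()
works on a snapshot of (key, value_name, data) tuples so it runs offline;
collect_live() builds that snapshot from a real Windows host with winreg."""
import re
import sys

WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
RUN_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
ACTIVE_SETUP = r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"
EXPLORER_ADV = r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced"

# Launch points under user-writable directories deserve a closer look; a stock
# Winlogon value names only explorer.exe / userinit.exe.
USER_WRITABLE = re.compile(r"\\Users\\|\\AppData\\|\\Temp\\|\\ProgramData\\|%APPDATA%|%TEMP%", re.I)


def audit(snapshot):
    """Return a list of finding strings for one snapshot of (key, name, data)."""
    findings = []
    run_keys = {k.lower() for k in RUN_KEYS}
    for key, name, data in snapshot:
        k, text = key.lower(), str(data)
        if k == WINLOGON.lower() and name in ("Shell", "Userinit"):
            # Malware appends ",<path>" so Winlogon starts it alongside the stock binary.
            stock = "explorer.exe" if name == "Shell" else "userinit.exe"
            parts = [p.strip() for p in text.split(",") if p.strip()]
            extra = [p for p in parts if not p.lower().endswith(stock)]
            if extra:
                findings.append(f"Winlogon {name} has extra launch entries: {extra}")
        elif k in run_keys and USER_WRITABLE.search(text):
            findings.append(f"Run value {name!r} starts from a user-writable path: {text}")
        elif k.startswith(ACTIVE_SETUP.lower() + "\\") and name.lower() == "stubpath":
            # Active Setup runs each component's StubPath once per user at logon.
            if USER_WRITABLE.search(text):
                component = key.rsplit("\\", 1)[-1]
                findings.append(f"Active Setup {component} StubPath is user-writable: {text}")
        elif k == EXPLORER_ADV.lower() and name in ("Hidden", "ShowSuperHidden"):
            # Hidden=2 / ShowSuperHidden=0 hide (system) files; compare with the user's baseline.
            findings.append(f"INFO Explorer {name}={data}")
    return findings


def collect_live():
    """Read the same locations from the local Windows registry (empty list elsewhere)."""
    if sys.platform != "win32":
        return []
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snap = []

    def dump(path, names=None, recurse=False):
        hive, sub = path.split("\\", 1)
        try:
            key = winreg.OpenKey(hives[hive], sub)
        except OSError:
            return
        with key:
            for i in range(winreg.QueryInfoKey(key)[1]):
                name, data, _ = winreg.EnumValue(key, i)
                if names is None or name in names:
                    snap.append((path, name, data))
            if recurse:
                for j in range(winreg.QueryInfoKey(key)[0]):
                    dump(path + "\\" + winreg.EnumKey(key, j), names)

    dump(WINLOGON, {"Shell", "Userinit"})
    for run in RUN_KEYS:
        dump(run)
    dump(ACTIVE_SETUP, {"StubPath"}, recurse=True)
    dump(EXPLORER_ADV, {"Hidden", "ShowSuperHidden"})
    return snap


# Constructed snapshot modelled on the behaviours listed above; the victim paths,
# file name and component GUIDs are made up, not taken from the report.
SAMPLE_SNAPSHOT = [
    (WINLOGON, "Shell", r"explorer.exe,C:\Users\victim\AppData\Roaming\svhost.exe"),
    (WINLOGON, "Userinit", r"C:\Windows\system32\userinit.exe,"),
    (RUN_KEYS[0], "SecurityHealth", r"C:\Windows\system32\SecurityHealthSystray.exe"),
    (RUN_KEYS[1], "Updater", r"C:\Users\victim\AppData\Roaming\svhost.exe"),
    (ACTIVE_SETUP + r"\{00000000-0000-0000-0000-000000000001}", "StubPath",
     r"C:\Windows\System32\ie4uinit.exe -UserConfig"),
    (ACTIVE_SETUP + r"\{00000000-0000-0000-0000-000000000002}", "StubPath",
     r"C:\Users\victim\AppData\Roaming\svhost.exe"),
    (EXPLORER_ADV, "Hidden", 2),
    (EXPLORER_ADV, "ShowSuperHidden", 0),
]

if __name__ == "__main__":
    for line in audit(collect_live() or SAMPLE_SNAPSHOT):
        print(line)
```

The Winlogon check is the strict one: anything in Shell or Userinit beyond the stock binary is a finding. The user-writable-path test on Run and Active Setup entries is a triage filter, not a verdict, since legitimate per-user software also launches from AppData; the Explorer values are reported as information because Hidden=2 is the Windows default and only a change from the user's own setting is meaningful.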

MITRE ATT&CK Enterprise v15

Tasks