Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    ac22ac53d2c0bd2748813fa469fda020_JaffaCakes118

  • Size

    2.6MB

  • Sample

    240615-abnjasvhnr

  • MD5

    ac22ac53d2c0bd2748813fa469fda020

  • SHA1

    d9273fe1be8f4ba9c9dc4b3db91dfeaf15234094

  • SHA256

    ba0f694bf960ec05b849a058ddb3dafd7d83cda68e6efef548ada88e1e495f8d

  • SHA512

    cf95456fe3aec8bbea4b00b70f1dad32e0e21ecb9d5ee6a9e0e586dd1e6c85d3ac42ddd9ed74b7dcc7f01b5a359700de837163416ff06a3c700211cb302ba6a6

  • SSDEEP

    49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlR:86SIROiFJiwp0xlrlR

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes
  • payload_url

    http://don.service-master.eu/shit.exe

Targets

    • Target

      ac22ac53d2c0bd2748813fa469fda020_JaffaCakes118

    • Size

      2.6MB

    • MD5

      ac22ac53d2c0bd2748813fa469fda020

    • SHA1

      d9273fe1be8f4ba9c9dc4b3db91dfeaf15234094

    • SHA256

      ba0f694bf960ec05b849a058ddb3dafd7d83cda68e6efef548ada88e1e495f8d

    • SHA512

      cf95456fe3aec8bbea4b00b70f1dad32e0e21ecb9d5ee6a9e0e586dd1e6c85d3ac42ddd9ed74b7dcc7f01b5a359700de837163416ff06a3c700211cb302ba6a6

    • SSDEEP

      49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrlR:86SIROiFJiwp0xlrlR

    • Modifies WinLogon for persistence

    • Modifies visiblity of hidden/system files in Explorer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Modifies Installed Components in the registry

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks