Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

b3e6930e7b...18.exe

windows7-x64

10

b3e6930e7b...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b3e6930e7b36827198fa593ec24fc334_JaffaCakes118

  • Size

    2.2MB

  • Sample

    240616-repzzawcpd

  • MD5

    b3e6930e7b36827198fa593ec24fc334

  • SHA1

    67c8e3cf4d2851a3258d85f9961d2e3aa35237c8

  • SHA256

    6fbd28d41c3443f0038cb73200ce939ba1d995b72e326061003d2ae8c7a498fe

  • SHA512

    c6550d563bbbf04311d2edf917e49e64d6578745fedbf59e2174818e3506acc138385701b8df1b6ee2a509b2c976d621ea25260c9cc9a9871f676ea26847c932

  • SSDEEP

    24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZE:0UzeyQMS4DqodCnoe+iitjWwwo

Score
10/10
ponyevasionpersistenceratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes
  • payload_url

    http://don.service-master.eu/shit.exe

Targets

    • Target

      b3e6930e7b36827198fa593ec24fc334_JaffaCakes118

    • Size

      2.2MB

    • MD5

      b3e6930e7b36827198fa593ec24fc334

    • SHA1

      67c8e3cf4d2851a3258d85f9961d2e3aa35237c8

    • SHA256

      6fbd28d41c3443f0038cb73200ce939ba1d995b72e326061003d2ae8c7a498fe

    • SHA512

      c6550d563bbbf04311d2edf917e49e64d6578745fedbf59e2174818e3506acc138385701b8df1b6ee2a509b2c976d621ea25260c9cc9a9871f676ea26847c932

    • SSDEEP

      24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZE:0UzeyQMS4DqodCnoe+iitjWwwo

    Score
    10/10
    ponyevasionpersistenceratspywarestealer

    • Modifies WinLogon for persistence

      persistence

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Modifies Installed Components in the registry

      persistence

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.