General

  • Target

    0c64f0a0f95b082cb2e6cdff97dd222c_JaffaCakes118

  • Size

    144KB

  • Sample

    240625-efty4ayhkd

  • MD5

    0c64f0a0f95b082cb2e6cdff97dd222c

  • SHA1

    ed7c2f533770386c627ef6d6e688d30bbf3edad9

  • SHA256

    fc5adb24060462a13a4881a3acece1b23c90f04918ae3a9b0ebcfe082be6084c

  • SHA512

    21293ffedc13463fe27b954629857132f2072e570374bd1c8f5a761fe41f2bdce1b804838e658b8c739eee260af71f6be376ebc011360be408118a7a991b376d

  • SSDEEP

    3072:s0IYwk7xA1gInRZfZ+patRDUgO4Ryb3nqbttfpaJCa18Ee:nIYwkdURZR+gtWU0bXOxah+

Malware Config

Extracted

Family

pony

C2

http://74.53.97.66:8080/forum/viewtopic.php

http://74.53.97.67:8080/forum/viewtopic.php

Attributes

  • payload_url

    http://www.obvjutphaas.nl/wQ7T.exe

    http://r555.info/41LMMbt5.exe

Targets

    • Target

      0c64f0a0f95b082cb2e6cdff97dd222c_JaffaCakes118

    • Size

      144KB

    • MD5

      0c64f0a0f95b082cb2e6cdff97dd222c

    • SHA1

      ed7c2f533770386c627ef6d6e688d30bbf3edad9

    • SHA256

      fc5adb24060462a13a4881a3acece1b23c90f04918ae3a9b0ebcfe082be6084c

    • SHA512

      21293ffedc13463fe27b954629857132f2072e570374bd1c8f5a761fe41f2bdce1b804838e658b8c739eee260af71f6be376ebc011360be408118a7a991b376d

    • SSDEEP

      3072:s0IYwk7xA1gInRZfZ+patRDUgO4Ryb3nqbttfpaJCa18Ee:nIYwkdURZR+gtWU0bXOxah+

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks