Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
0c64f0a0f95b082cb2e6cdff97dd222c_JaffaCakes118
-
Size
144KB
-
Sample
240625-efty4ayhkd
-
MD5
0c64f0a0f95b082cb2e6cdff97dd222c
-
SHA1
ed7c2f533770386c627ef6d6e688d30bbf3edad9
-
SHA256
fc5adb24060462a13a4881a3acece1b23c90f04918ae3a9b0ebcfe082be6084c
-
SHA512
21293ffedc13463fe27b954629857132f2072e570374bd1c8f5a761fe41f2bdce1b804838e658b8c739eee260af71f6be376ebc011360be408118a7a991b376d
-
SSDEEP
3072:s0IYwk7xA1gInRZfZ+patRDUgO4Ryb3nqbttfpaJCa18Ee:nIYwkdURZR+gtWU0bXOxah+
Malware Config
Extracted
pony
http://74.53.97.66:8080/forum/viewtopic.php
http://74.53.97.67:8080/forum/viewtopic.php
-
payload_url
http://www.obvjutphaas.nl/wQ7T.exe
http://r555.info/41LMMbt5.exe
Targets
-
-
Target
0c64f0a0f95b082cb2e6cdff97dd222c_JaffaCakes118
-
Size
144KB
-
MD5
0c64f0a0f95b082cb2e6cdff97dd222c
-
SHA1
ed7c2f533770386c627ef6d6e688d30bbf3edad9
-
SHA256
fc5adb24060462a13a4881a3acece1b23c90f04918ae3a9b0ebcfe082be6084c
-
SHA512
21293ffedc13463fe27b954629857132f2072e570374bd1c8f5a761fe41f2bdce1b804838e658b8c739eee260af71f6be376ebc011360be408118a7a991b376d
-
SSDEEP
3072:s0IYwk7xA1gInRZfZ+patRDUgO4Ryb3nqbttfpaJCa18Ee:nIYwkdURZR+gtWU0bXOxah+
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-