General

  • Target

    19c5b3119568f38dcb8a82d9c7233c5c_JaffaCakes118

  • Size

    188KB

  • Sample

    240628-megw5sthlc

  • MD5

    19c5b3119568f38dcb8a82d9c7233c5c

  • SHA1

    363a23e2e13e365ac989d47b4fab13d5c77ed760

  • SHA256

    a16821df64bb01688482ed529dd247297958ff14e7b015e8f4eb862fe5bb2784

  • SHA512

    c5c876cdeb8977129c5c37b9f8585185393492a602de2bf71739dec89da64f9b32fbb1bbd6f85c66479789f821eefe8b3564ee5e9ca20f14b98a9dd7d90585cc

  • SSDEEP

    3072:AR4LpcO52SkSFg2kfNsyp8UajVPbWIQUSnrkH308x:A6Vx52SvXyNsypFkzXQUSrUZ

Malware Config

Extracted

Family

pony

C2

http://classicmodels.at:8080/ponys/gate.php

http://diva-code.at:8080/ponys/gate.php

Attributes
  • payload_url

    http://dev.vigal.no/H7Qvp4bh.exe

    http://medismindia.com/Vma.exe

    http://getmybodyright.com/4gd.exe
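The two C2 gates and three payload URLs above are the network indicators a responder would sweep proxy logs for. The script below is an added example, not tria.ge code or anything from the Pony source: it normalises each URL to a (host, port, path) indicator, defangs it for reporting, and classifies constructed proxy log lines (the five-field log format and the addresses 10.0.0.x, 198.51.100.7 and example.com are made up for the example). Matching on the full (host, port, path) triple rather than on the domain alone avoids flagging unrelated traffic to the same host on port 80, and the generic `gate.php` POST heuristic catches Pony-style gates the report does not list.

```python
"""Network indicators from the Pony config above, checked against proxy logs."""
from urllib.parse import urlsplit

# Indicators copied from the Malware Config section of this report.
C2_GATES = [
    "http://classicmodels.at:8080/ponys/gate.php",
    "http://diva-code.at:8080/ponys/gate.php",
]
PAYLOAD_URLS = [
    "http://dev.vigal.no/H7Qvp4bh.exe",
    "http://medismindia.com/Vma.exe",
    "http://getmybodyright.com/4gd.exe",
]


def to_indicator(url):
    """Normalise a URL to (host, port, path) so a match does not depend on
    how the log spells it (host case, explicit vs implied default port)."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.hostname, port, parts.path  # hostname is already lower-cased


def defang(url):
    """Rewrite a URL so it cannot be clicked when pasted into a ticket."""
    parts = urlsplit(url)
    host = parts.hostname.replace(".", "[.]")
    if parts.port:
        host += f":{parts.port}"
    return f"{parts.scheme.replace('http', 'hxxp')}://{host}{parts.path}"


C2_SET = {to_indicator(u) for u in C2_GATES}
PAYLOAD_SET = {to_indicator(u) for u in PAYLOAD_URLS}


def classify(method, url):
    """Label one request, or return None if it matches nothing."""
    ind = to_indicator(url)
    if ind in C2_SET and method == "POST":
        return "pony-c2-beacon"            # stolen data posted to a known gate
    if ind in C2_SET:
        return "pony-c2-gate"              # known gate contacted, non-POST
    if ind in PAYLOAD_SET:
        return "pony-payload-download"     # second-stage fetched
    if ind[2].endswith("/gate.php") and method == "POST":
        return "gate.php-post-suspect"     # Pony-style gate on an unlisted host
    return None


def scan_proxy_log(lines):
    """lines: 'timestamp client method url status' (constructed format).
    Returns (timestamp, client, label, defanged_url) for each hit."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        label = classify(fields[2], fields[3])
        if label:
            hits.append((fields[0], fields[1], label, defang(fields[3])))
    return hits


# Constructed log lines for the example; only the URLs come from the report.
SAMPLE_LOG = [
    "2024-06-28T10:00:01Z 10.0.0.5 GET http://medismindia.com/Vma.exe 200",
    "2024-06-28T10:00:03Z 10.0.0.5 POST http://classicmodels.at:8080/ponys/gate.php 200",
    "2024-06-28T10:00:04Z 10.0.0.5 POST http://diva-code.at:8080/ponys/gate.php 200",
    "2024-06-28T10:00:09Z 10.0.0.9 GET http://example.com/index.html 200",
    "2024-06-28T10:00:12Z 10.0.0.9 POST http://198.51.100.7/panel/gate.php 200",
]

if __name__ == "__main__":
    for ts, client, label, url in scan_proxy_log(SAMPLE_LOG):
        print(f"{ts} {client} {label:24} {url}")
```

The port is deliberately part of the indicator: the report shows the gates on 8080, and a GET to the same domains on port 80 may be an unrelated site on shared hosting. Query strings are dropped by `defang`, so extend it if your logs carry them.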

Targets

    • Target

      19c5b3119568f38dcb8a82d9c7233c5c_JaffaCakes118

    • Size

      188KB

    • MD5

      19c5b3119568f38dcb8a82d9c7233c5c

    • SHA1

      363a23e2e13e365ac989d47b4fab13d5c77ed760

    • SHA256

      a16821df64bb01688482ed529dd247297958ff14e7b015e8f4eb862fe5bb2784

    • SHA512

      c5c876cdeb8977129c5c37b9f8585185393492a602de2bf71739dec89da64f9b32fbb1bbd6f85c66479789f821eefe8b3564ee5e9ca20f14b98a9dd7d90585cc

    • SSDEEP

      3072:AR4LpcO52SkSFg2kfNsyp8UajVPbWIQUSnrkH308x:A6Vx52SvXyNsypFkzXQUSrUZ

    • Pony,Fareit

      Pony (also tracked as Fareit) is a credential-stealing trojan and loader rather than a remote-access tool: it harvests saved credentials from browsers, FTP clients, e-mail clients and other applications, posts them to its gate.php C2, and can download and run further payloads (the payload_url attributes above).

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution (run or abort depending on the victim's configured locale).

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to read the configuration files of FTP clients such as FileZilla (sitemanager.xml and recentservers.xml), which store saved server credentials.

    • Reads user/profile data of web browsers

      Infostealers target stored browser profile data, which can include saved logins, cookies, autofill entries and browsing history.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
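The behaviours listed above are all file and registry accesses, so a trace of such events can be mapped back to them. The script below is an added example (not tria.ge's signature logic, whose exact rules are not on this page): it matches constructed sandbox events of the form (operation, process image, target path) against well-known artefact locations for each behaviour, with the path normalisation needed so that mixed case or forward slashes in a trace do not defeat the globs. The patterns are my own, written from the standard locations of these artefacts (FileZilla's sitemanager.xml, Chrome's Login Data, Firefox's logins.json, the Outlook profile and Uninstall registry keys, the Geo\Nation value); the events, user name and sample path are made up for the example.

```python
"""Map file and registry access events from a sandbox trace to the
host behaviours listed in this report."""
from fnmatch import fnmatchcase

# Case-insensitive glob patterns for well-known credential stores and keys.
# Assumption: these are the usual stores a Pony-class stealer reads; they are
# not the exact rules behind the tria.ge signatures above.
BEHAVIOURS = {
    "Checks computer location settings": [
        r"hkcu\control panel\international\geo\nation",
    ],
    "Reads data files stored by FTP clients": [
        r"*\filezilla\sitemanager.xml",
        r"*\filezilla\recentservers.xml",
    ],
    "Reads user/profile data of web browsers": [
        r"*\google\chrome\user data\*\login data",
        r"*\mozilla\firefox\profiles\*\logins.json",
        r"*\mozilla\firefox\profiles\*\signons.sqlite",
    ],
    "Accesses Microsoft Outlook profiles": [
        r"hkcu\software\microsoft\office\*\outlook\profiles*",
        r"hkcu\software\microsoft\windows nt\currentversion"
        r"\windows messaging subsystem\profiles*",
    ],
    "Checks installed software on the system": [
        r"hklm\software\microsoft\windows\currentversion\uninstall*",
        r"hklm\software\wow6432node\microsoft\windows\currentversion\uninstall*",
    ],
}


def normalise(path):
    """Lower-case and use backslashes so globbing is not defeated by
    mixed case or forward slashes in the trace."""
    return path.replace("/", "\\").lower()


def classify_event(op, process, target):
    """Return the behaviour label for one event, or None if nothing matched."""
    # Self-deletion: the process removes its own image (simplified check;
    # real samples often do this through a dropped batch file instead).
    if op == "FileDelete" and normalise(target) == normalise(process):
        return "Deletes itself"
    t = normalise(target)
    for label, patterns in BEHAVIOURS.items():
        if any(fnmatchcase(t, p) for p in patterns):
            return label
    return None


def summarise(events):
    """events: iterable of (op, process image, target) tuples.
    Returns {behaviour: [matching targets]} for every event that matched."""
    summary = {}
    for op, process, target in events:
        label = classify_event(op, process, target)
        if label:
            summary.setdefault(label, []).append(target)
    return summary


# Constructed trace for the example; paths and user name are made up.
SAMPLE_EXE = r"C:\Users\bob\AppData\Local\Temp\sample.exe"
EVENTS = [
    ("RegQueryValue", SAMPLE_EXE, r"HKCU\Control Panel\International\Geo\Nation"),
    ("RegEnumKey", SAMPLE_EXE, r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("FileRead", SAMPLE_EXE, r"C:\Users\bob\AppData\Roaming\FileZilla\sitemanager.xml"),
    ("FileRead", SAMPLE_EXE, r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("RegOpenKey", SAMPLE_EXE, r"HKCU\Software\Microsoft\Windows NT\CurrentVersion"
                               r"\Windows Messaging Subsystem\Profiles\Outlook"),
    ("FileRead", r"C:\Windows\explorer.exe", r"C:\Users\bob\Documents\notes.txt"),
    ("FileDelete", SAMPLE_EXE, SAMPLE_EXE),
]

if __name__ == "__main__":
    for label, targets in summarise(EVENTS).items():
        print(f"{label}: {', '.join(targets)}")
```

Matching the whole trace this way is how a handful of low-level file and registry events become the behaviour list above; the benign explorer.exe read in the constructed trace shows that unmatched events are simply ignored rather than reported.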

MITRE ATT&CK Enterprise v15

Tasks