General

  • Target

    4939cf016965f1a1a7aefe3b63b1033a_JaffaCakes118

  • Size

    144KB

  • Sample

    240715-lk3kcszcqk

  • MD5

    4939cf016965f1a1a7aefe3b63b1033a

  • SHA1

    b2d831c0fe472b408ef7aae156fdb8fef93f59f0

  • SHA256

    4c51b6260e0845deb01c55a03be4e29a043e87039e369c97e5ddf986482291a8

  • SHA512

    94c27831bfd856f274d3d176460e3ec5ce31a75bdd88a1b9239819e905f5c94b12c8a77bc7d6dde5cd188794cdbad928061c0b52d53700d28c5968ee35d5b547

  • SSDEEP

    3072:s0IYwk7xA1aHbSnCZYoB1rLAxgutQb0HdUyY6CpaJFsZLoYHYd:nIYwkdBSn8YoLLVrbwzuaj2rH0

Malware Config

Extracted

Family

pony

C2

http://74.53.97.66:8080/forum/viewtopic.php

http://74.53.97.67:8080/forum/viewtopic.php

Attributes
  • payload_url

    http://orion.obidigital.net/d09ZhGf.exe

    http://ftp.lastraautosport.com.ar/xjH.exe

Targets

    • Target

      4939cf016965f1a1a7aefe3b63b1033a_JaffaCakes118

    • Size

      144KB

    • MD5

      4939cf016965f1a1a7aefe3b63b1033a

    • SHA1

      b2d831c0fe472b408ef7aae156fdb8fef93f59f0

    • SHA256

      4c51b6260e0845deb01c55a03be4e29a043e87039e369c97e5ddf986482291a8

    • SHA512

      94c27831bfd856f274d3d176460e3ec5ce31a75bdd88a1b9239819e905f5c94b12c8a77bc7d6dde5cd188794cdbad928061c0b52d53700d28c5968ee35d5b547

    • SSDEEP

      3072:s0IYwk7xA1aHbSnCZYoB1rLAxgutQb0HdUyY6CpaJFsZLoYHYd:nIYwkdBSn8YoLLVrbwzuaj2rH0

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15