Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

4939cf0169...18.exe

windows7-x64

10

4939cf0169...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4939cf016965f1a1a7aefe3b63b1033a_JaffaCakes118

  • Size

    144KB

  • Sample

    240715-lk3kcszcqk

  • MD5

    4939cf016965f1a1a7aefe3b63b1033a

  • SHA1

    b2d831c0fe472b408ef7aae156fdb8fef93f59f0

  • SHA256

    4c51b6260e0845deb01c55a03be4e29a043e87039e369c97e5ddf986482291a8

  • SHA512

    94c27831bfd856f274d3d176460e3ec5ce31a75bdd88a1b9239819e905f5c94b12c8a77bc7d6dde5cd188794cdbad928061c0b52d53700d28c5968ee35d5b547

  • SSDEEP

    3072:s0IYwk7xA1aHbSnCZYoB1rLAxgutQb0HdUyY6CpaJFsZLoYHYd:nIYwkdBSn8YoLLVrbwzuaj2rH0

Score
10/10
ponycollectiondiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://74.53.97.66:8080/forum/viewtopic.php

http://74.53.97.67:8080/forum/viewtopic.php
Attributes
  • payload_url

    http://orion.obidigital.net/d09ZhGf.exe

    http://ftp.lastraautosport.com.ar/xjH.exe

Targets

    • Target

      4939cf016965f1a1a7aefe3b63b1033a_JaffaCakes118

    • Size

      144KB

    • MD5

      4939cf016965f1a1a7aefe3b63b1033a

    • SHA1

      b2d831c0fe472b408ef7aae156fdb8fef93f59f0

    • SHA256

      4c51b6260e0845deb01c55a03be4e29a043e87039e369c97e5ddf986482291a8

    • SHA512

      94c27831bfd856f274d3d176460e3ec5ce31a75bdd88a1b9239819e905f5c94b12c8a77bc7d6dde5cd188794cdbad928061c0b52d53700d28c5968ee35d5b547

    • SSDEEP

      3072:s0IYwk7xA1aHbSnCZYoB1rLAxgutQb0HdUyY6CpaJFsZLoYHYd:nIYwkdBSn8YoLLVrbwzuaj2rH0

    Score
    10/10
    ponycollectiondiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks