Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
664e859be8e5b5327d163b0be80ffe8a_JaffaCakes118
-
Size
115KB
-
Sample
240723-f4xwbszcke
-
MD5
664e859be8e5b5327d163b0be80ffe8a
-
SHA1
6ce561c9780c504c7dba88ad320b03f3a33824e2
-
SHA256
ed97ea8148f67eb9e652de680991f770b0bdc0b861167a2027a6f84611c3609a
-
SHA512
c506e9b9889065f860c148be8eabb8bec1c81156313507be3ce68000d6bce48ee135868bbc0d6a1f1b9e10f946801dbfaafa9dbfc518bb368558171470869e2b
-
SSDEEP
3072:IuYp/i+v3pbN17HBThiAxvT1dZWzG2mRFd9T83G19Ei0D6RlkA1:PM9NzZBLwSRJTn1Siia
Malware Config
Extracted
pony
http://176.28.18.135:8080/pony/gate.php
http://85.214.243.87:8080/pony/gate.php
http://88.85.99.44:8080/pony/gate.php
-
payload_url
http://gtgaming.org/zH4CnJyC/cC7.exe
http://ittindia.in/VFXUcnUv/sKNXS9.exe
Targets
-
-
Target
664e859be8e5b5327d163b0be80ffe8a_JaffaCakes118
-
Size
115KB
-
MD5
664e859be8e5b5327d163b0be80ffe8a
-
SHA1
6ce561c9780c504c7dba88ad320b03f3a33824e2
-
SHA256
ed97ea8148f67eb9e652de680991f770b0bdc0b861167a2027a6f84611c3609a
-
SHA512
c506e9b9889065f860c148be8eabb8bec1c81156313507be3ce68000d6bce48ee135868bbc0d6a1f1b9e10f946801dbfaafa9dbfc518bb368558171470869e2b
-
SSDEEP
3072:IuYp/i+v3pbN17HBThiAxvT1dZWzG2mRFd9T83G19Ei0D6RlkA1:PM9NzZBLwSRJTn1Siia
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-