General

  • Target

    cfd1e96e30d36e12b52545eb21d41214_JaffaCakes118

  • Size

    159KB

  • Sample

    240906-slkjhateka

  • MD5

    cfd1e96e30d36e12b52545eb21d41214

  • SHA1

    cb292ae0bd385cef958a87bf46ffe5f72dc4ab67

  • SHA256

    2385b38c490d82879cc4b40b0075a12e7c43153c924ea87dd71352bf505e598d

  • SHA512

    955fee89a2c88bde10b7354c5fd9b9be8700d157ab56f8bccfb05401a8aad1cf98165dbd516a69827a83e9a5fff4c7782e7b62c8259ecedf9dd7748c4524d6ee

  • SSDEEP

    1536:7KPEVuTX/EtUVUgpJ9dhxDDt80oy1dhB2JsglZStNIO2cmtcAO80NM+Nf8O6m6y3:7hVuTv5VUIDxthEDStNIO2cmI78O6m6g

Malware Config

Extracted

Family

pony

C2

http://etsiunjour.fr:81/pony/gate.php

http://akamaifilms.com:81/pony/gate.php

Attributes
  • payload_url

    http://bogartmed.com/ADvQe.exe

    http://gecenym.org.ar/dwW.exe

    http://lsf.co.id/fwSzx.exe

Targets

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15