General

  • Target

    d9127848a1565bec02746d3a434a95e1_JaffaCakes118

  • Size

    2.2MB

  • Sample

    240910-1ghhcawflp

  • MD5

    d9127848a1565bec02746d3a434a95e1

  • SHA1

    9e1cc0da46b84bc70e2e8fc41c1a10022d17bff4

  • SHA256

    71be4e782ac6e80cf96da2fe7736837793379b20b6db9b10093c7c3b139c52d0

  • SHA512

    6e7dc5a767ee368bf80843615ecf9c7e38c9d243a91ff2009e3d2ee853037ecdb319211847acbe679d0bc4ad9e5f831319a92d3948ed1febdabe1f0dd314381e

  • SSDEEP

    24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZa:0UzeyQMS4DqodCnoe+iitjWwwO

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes
  • payload_url

    http://don.service-master.eu/shit.exe

Targets

    • Target

      d9127848a1565bec02746d3a434a95e1_JaffaCakes118

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Pony,Fareit

      Pony (also tracked as Fareit) is a credential-stealing trojan rather than a remote-access tool: it harvests saved passwords from browsers, FTP and e-mail clients and other applications, posts the report to its C2 gate (here the gate.php URL in the extracted config), and can download and run a further payload (here the payload_url above).

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key under the local machine's Active Setup (HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components); the StubPath command of each component runs once per user at logon.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext (typical of process hollowing / RunPE, where a dropped payload is written into a suspended process and its entry point redirected)
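The signatures above name the persistence locations this sample touches (Winlogon, Active Setup, Run keys, the startup folder) and the Explorer hidden-file setting it changes. The script below is an added triage example written for this page; it is not code from tria.ge or from the sample. It walks those locations on a suspect host, extracts the executable from each entry, hashes it and compares it against the report's SHA256. The only value taken from the report is $KnownSha256; every other path is a standard Windows location, and the Winlogon defaults it compares against (explorer.exe and userinit.exe) are the stock values.

```powershell
# Added triage script (editor's example, not tria.ge's or the sample's code):
# enumerate the persistence locations named in the report, hash what they launch,
# and flag entries whose SHA256 matches the report. Run from an elevated PowerShell.

$KnownSha256 = '71be4e782ac6e80cf96da2fe7736837793379b20b6db9b10093c7c3b139c52d0'  # from the report
$Findings    = New-Object System.Collections.Generic.List[object]

function Get-ExecutablePath([string]$CommandLine) {
    # First quoted or unquoted *.exe token in a Run/StubPath/Winlogon value.
    if ($CommandLine -match '"([^"]+\.exe)"|(\S+\.exe)') {
        if ($Matches[1]) { return $Matches[1] } else { return $Matches[2] }
    }
    return $null
}

function Add-Finding([string]$Source, [string]$Value) {
    if ([string]::IsNullOrWhiteSpace($Value)) { return }
    # A startup-folder entry is already a path; registry values are command lines.
    $path = if (Test-Path -LiteralPath $Value -PathType Leaf) { $Value } else { Get-ExecutablePath $Value }
    $hash = $null
    if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
    $Findings.Add([pscustomobject]@{
        Source        = $Source
        Value         = $Value
        Path          = $path
        SHA256        = $hash
        MatchesReport = ($hash -eq $KnownSha256)
    })
}

# 1. Winlogon: Shell and Userinit should still point at the stock binaries.
$winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$winlogon    = Get-ItemProperty $winlogonKey
$expected    = @{ Shell = 'explorer.exe'; Userinit = "$env:SystemRoot\system32\userinit.exe" }
foreach ($name in $expected.Keys) {
    $value = [string]$winlogon.$name
    if ($value.TrimEnd(',') -ne $expected[$name]) {
        Write-Warning "Winlogon\$name is non-default: $value"
        Add-Finding "Winlogon\$name" $value
    }
}

# 2. Active Setup: each component's StubPath runs once per user at logon.
$activeSetupRoots = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
                    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components'
foreach ($root in $activeSetupRoots) {
    Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
        Add-Finding "ActiveSetup\$($_.PSChildName)" ([string](Get-ItemProperty $_.PSPath).StubPath)
    }
}

# 3. Run / RunOnce keys in both hives ("Adds Run key to start application").
$runKeys = foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($leaf in 'Run', 'RunOnce') { "$($hive):\SOFTWARE\Microsoft\Windows\CurrentVersion\$leaf" }
}
foreach ($key in $runKeys) {
    $props = Get-ItemProperty $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object {
        Add-Finding "$key\$($_.Name)" ([string]$_.Value)
    }
}

# 4. Per-user and all-users startup folders ("Drops startup file").
foreach ($folder in 'Startup', 'CommonStartup') {
    Get-ChildItem ([Environment]::GetFolderPath($folder)) -File -ErrorAction SilentlyContinue |
        ForEach-Object { Add-Finding "Startup\$($_.Name)" $_.FullName }
}

# 5. Explorer hidden-file settings the sample tampers with (per-user values).
$adv = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -ErrorAction SilentlyContinue
"Explorer\Advanced: Hidden=$($adv.Hidden) (1 = show hidden files, 2 = hide); ShowSuperHidden=$($adv.ShowSuperHidden) (1 = show protected OS files, 0 = hide)"

# Hash matches first; anything else listed is still worth a look, since a
# repacked build of the same family will not share this SHA256.
$Findings | Sort-Object MatchesReport -Descending | Format-Table Source, Path, MatchesReport -AutoSize
```

A hash match ties a host to this exact build; a non-matching but unfamiliar entry in any of these locations still deserves investigation, because each rebuild of the stealer changes the hash while the persistence technique stays the same. Pair the host check with a search of proxy and DNS logs for the C2 gate and payload URLs in the extracted config, since those are shared across builds of the same campaign.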

MITRE ATT&CK Enterprise v15

Boot or Logon Autostart Execution: Active Setup (T1547.014)
