General
- Target: fa85742565728498a77a390d2950df16_JaffaCakes118
- Size: 89KB
- Sample: 240927-q64f1axhlb
- MD5: fa85742565728498a77a390d2950df16
- SHA1: d2af2993dc02f40a145be6caefb65d15472198e8
- SHA256: 5ee6ca679acd76f04ba4636c5b5107fc2452bf0f6674718c232883ea8f97338d
- SHA512: 7df443e203250dfb10b61693a44ce21996276733a69980247341d6ffc94869cefc7c1020ce8d3257b752c2f96c9ad257ed3aeb35361391670519dcbe907e9469
- SSDEEP: 1536:Sj13U/NXBqTkOvIij/Dz997YRAmuly348vceN2O+MDcTvKECckzZt:i9uX5Gj/Dz9lYRP53IO+CTEC/t
Behavioral task: behavioral1
- Sample: fa85742565728498a77a390d2950df16_JaffaCakes118.exe
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: fa85742565728498a77a390d2950df16_JaffaCakes118.exe
- Resource: win10v2004-20240802-en
Malware Config
Extracted family: pony
- C2 gates:
  http://br1.irontrial.com:8080/ponyb/gate.php
  http://br1.pineapplesdonthavesleeves.com:8080/ponyb/gate.php
  http://89.166.50.40:8080/ponyb/gate.php
  http://6.creepyassstuff.com/ponyb/gate.php
- payload_url:
  http://doorway.co/eRY0kp.exe
  http://actia.pl/FcNa.exe
  http://k2steel.com/iCq7.exe
  http://aktibbicihazlar.com/ttya.exe
  http://assulapia.com/cAvbh.exe
Targets
- Target: fa85742565728498a77a390d2950df16_JaffaCakes118
- Size: 89KB
- MD5: fa85742565728498a77a390d2950df16
- SHA1: d2af2993dc02f40a145be6caefb65d15472198e8
- SHA256: 5ee6ca679acd76f04ba4636c5b5107fc2452bf0f6674718c232883ea8f97338d
- SHA512: 7df443e203250dfb10b61693a44ce21996276733a69980247341d6ffc94869cefc7c1020ce8d3257b752c2f96c9ad257ed3aeb35361391670519dcbe907e9469
- SSDEEP: 1536:Sj13U/NXBqTkOvIij/Dz997YRAmuly348vceN2O+MDcTvKECckzZt:i9uX5Gj/Dz9lYRP53IO+CTEC/t

Signatures
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.