Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
a4a7a0495b6fa685c9bb2d1a219b7c8a_JaffaCakes118
-
Size
177KB
-
Sample
241126-3a7j1a1pcr
-
MD5
a4a7a0495b6fa685c9bb2d1a219b7c8a
-
SHA1
3c68b4d8f881cadf7546bdeaf9df2d60ae749f5b
-
SHA256
f4c41f6b6e17d0beae7c428423f2bb92bc89e3172ffc7e9e0068a24df490703e
-
SHA512
69792d77a77174ae43386bfd1a66fa071913fc5693a780b8a22f57b4a7d4b21c0fb72425d78179838882c4caa39c063734d2cea4b3cd0da7740703025d4edc40
-
SSDEEP
3072:ikPFklKTvWd6LRcz+uvKgCb1gtUkkx5r1YA5SNbbLnz:0MTRcz/KRb1skThubbLz
Malware Config
Extracted
pony
http://srv.usedcrotchrockets.com/forum/viewtopic.php
http://srv.michigancrotchrockets.com/forum/viewtopic.php
-
payload_url
http://atualizacoes.issqn.net/6PrbAL.exe
http://85.18.21.252/PNV3Hbi.exe
Targets
-
-
Target
a4a7a0495b6fa685c9bb2d1a219b7c8a_JaffaCakes118
-
Size
177KB
-
MD5
a4a7a0495b6fa685c9bb2d1a219b7c8a
-
SHA1
3c68b4d8f881cadf7546bdeaf9df2d60ae749f5b
-
SHA256
f4c41f6b6e17d0beae7c428423f2bb92bc89e3172ffc7e9e0068a24df490703e
-
SHA512
69792d77a77174ae43386bfd1a66fa071913fc5693a780b8a22f57b4a7d4b21c0fb72425d78179838882c4caa39c063734d2cea4b3cd0da7740703025d4edc40
-
SSDEEP
3072:ikPFklKTvWd6LRcz+uvKgCb1gtUkkx5r1YA5SNbbLnz:0MTRcz/KRb1skThubbLz
Score10/10-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-