
General

  • Target: a4a7a0495b6fa685c9bb2d1a219b7c8a_JaffaCakes118
  • Size: 177KB
  • Sample: 241126-3a7j1a1pcr
  • MD5: a4a7a0495b6fa685c9bb2d1a219b7c8a
  • SHA1: 3c68b4d8f881cadf7546bdeaf9df2d60ae749f5b
  • SHA256: f4c41f6b6e17d0beae7c428423f2bb92bc89e3172ffc7e9e0068a24df490703e
  • SHA512: 69792d77a77174ae43386bfd1a66fa071913fc5693a780b8a22f57b4a7d4b21c0fb72425d78179838882c4caa39c063734d2cea4b3cd0da7740703025d4edc40
  • SSDEEP: 3072:ikPFklKTvWd6LRcz+uvKgCb1gtUkkx5r1YA5SNbbLnz:0MTRcz/KRb1skThubbLz

Malware Config

Extracted

  • Family: pony
  • C2:
    http://srv.usedcrotchrockets.com/forum/viewtopic.php
    http://srv.michigancrotchrockets.com/forum/viewtopic.php
  • Attributes: payload_url
    http://atualizacoes.issqn.net/6PrbAL.exe
    http://85.18.21.252/PNV3Hbi.exe

Targets

    • Target: a4a7a0495b6fa685c9bb2d1a219b7c8a_JaffaCakes118 (177KB; hashes as listed under General)

    • Pony family

    • Pony, Fareit

      Pony is a Remote Access Trojan that steals information.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other stored secrets.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software installed on the system.

MITRE ATT&CK Enterprise v15

Tasks