General

  • Target

    cfbc6eb1ddb0a9c5041f295bcbbc8980_JaffaCakes118

  • Size

    94KB

  • Sample

    241207-ah52xs1nhn

  • MD5

    cfbc6eb1ddb0a9c5041f295bcbbc8980

  • SHA1

    ce28fcf2d2b7c34cfb422c5fc2b5dc0a647aaba0

  • SHA256

    3a382deb22a22a2d2bed26331786febbf6b56285b70a81c1dbb6183a0e6265f7

  • SHA512

    2b74f53e819520c2fb5a1e4a8243a6db637f4d3b6020c8df6ec6f5d88d9fd6d95aed3e49c9dfde1d70b3a028f6fe7979d2ed4b04dbc715c7579d0968b2d1bba4

  • SSDEEP

    1536:16KqefPmMF2s+Tqkdqy9HqcyGK/qHUIBkarxJOCkSPd2fv/0Ku/TxdaK115X51kM:kKqMPzk/BHqMK/kdJOCkKd2/YTq8x5L

Malware Config

Extracted

Family

pony

C2

http://bdujyr.pw:4915/way/like.php

http://bdhkmts.pw:4915/way/like.php
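The two gate URLs above are the most directly actionable part of this report. The following is an added example (not part of the tria.ge report or of its tooling) that splits each extracted C2 URL into host, port and path and runs those parts over proxy log lines. The log lines are constructed for the example in Squid native access.log layout; the "pattern" match (same port 4915 and `/way/like.php` path on an unlisted host) is a heuristic for rotated campaign domains and is this example's assumption, not something the report states.

```python
"""Match Pony C2 indicators extracted by the sandbox against proxy access logs."""
import re
from urllib.parse import urlparse

# The two C2 URLs extracted from the sample, exactly as listed in the report.
PONY_C2 = [
    "http://bdujyr.pw:4915/way/like.php",
    "http://bdhkmts.pw:4915/way/like.php",
]


def parse_c2(urls):
    """Split each C2 URL into (host, port, path) so each part can be matched on its own."""
    entries = []
    for u in urls:
        p = urlparse(u)
        entries.append((p.hostname.lower(), p.port or 80, p.path))
    return entries


C2_ENTRIES = parse_c2(PONY_C2)

# Squid native access.log field order: timestamp, elapsed, client, code/status, bytes, method, URL, ...
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+(?P<client>\S+)\s+\S+\s+\S+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

# Constructed log lines for this example (not from the report). Line 3 uses a made-up
# domain on the same port and gate path; line 4 contacts a listed C2 domain elsewhere.
SAMPLE_LOG = """\
1733560001.123    412 10.0.0.23 TCP_MISS/200 612 POST http://bdujyr.pw:4915/way/like.php - HIER_DIRECT/203.0.113.10 text/html
1733560002.456     88 10.0.0.23 TCP_MISS/200 1024 GET http://example.com/index.html - HIER_DIRECT/198.51.100.5 text/html
1733560003.789    390 10.0.0.41 TCP_MISS/200 600 POST http://zzqwert.pw:4915/way/like.php - HIER_DIRECT/203.0.113.11 text/html
1733560004.000    120 10.0.0.50 TCP_MISS/200 300 GET http://bdhkmts.pw/ - HIER_DIRECT/203.0.113.12 text/html
"""


def classify(line):
    """Return (kind, client, host) for a matching line, else None.

    kind is 'exact' for a listed C2 URL, 'pattern' for the same port and gate path on
    another host (assumed rotated domain), 'domain' for a listed C2 host contacted on
    any other port or path.
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    p = urlparse(m.group("url"))
    host, port, path = (p.hostname or "").lower(), p.port or 80, p.path
    client = m.group("client")
    if (host, port, path) in C2_ENTRIES:
        return ("exact", client, host)
    if any(port == c_port and path == c_path for _, c_port, c_path in C2_ENTRIES):
        return ("pattern", client, host)
    if any(host == c_host for c_host, _, _ in C2_ENTRIES):
        return ("domain", client, host)
    return None


def scan(log_text):
    """Run classify() over every line and keep the hits, in log order."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for kind, client, host in scan(SAMPLE_LOG):
        print(f"{kind:8} {client:12} {host}")
```

Pony reports to its gate with an HTTP POST, so the "exact" and "pattern" hits with method POST are the check-ins worth escalating first; a "domain" hit on a different port is weaker evidence and usually warrants a look at DNS logs for the same client.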

Targets

    • Target

      cfbc6eb1ddb0a9c5041f295bcbbc8980_JaffaCakes118

    • Size

      94KB

    • MD5

      cfbc6eb1ddb0a9c5041f295bcbbc8980

    • SHA1

      ce28fcf2d2b7c34cfb422c5fc2b5dc0a647aaba0

    • SHA256

      3a382deb22a22a2d2bed26331786febbf6b56285b70a81c1dbb6183a0e6265f7

    • SHA512

      2b74f53e819520c2fb5a1e4a8243a6db637f4d3b6020c8df6ec6f5d88d9fd6d95aed3e49c9dfde1d70b3a028f6fe7979d2ed4b04dbc715c7579d0968b2d1bba4

    • SSDEEP

      1536:16KqefPmMF2s+Tqkdqy9HqcyGK/qHUIBkarxJOCkSPd2fv/0Ku/TxdaK115X51kM:kKqMPzk/BHqMK/kdJOCkKd2/YTq8x5L

    • Pony family

    • Pony,Fareit

      Pony (also tracked as Fareit) is a credential-stealing trojan: it harvests saved passwords from browsers, FTP and email clients and other applications, posts them to its C2 gate over HTTP, and is commonly used as a first stage that downloads additional malware.

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials stored in unsecured files on the host.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
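The behaviour signatures listed above each key on a small set of registry keys and files. The following is an added example (not the sandbox's own rule logic) that flags those behaviours in a stream of registry and file events. The key and file paths are the standard locations of each data source (Geo\Nation, the Uninstall key, Outlook profile keys, FileZilla's sitemanager.xml and recentservers.xml, Chrome's Login Data and Firefox's logins.json) and are this example's assumptions; the events themselves are constructed for the example.

```python
"""Flag Pony-style credential-collection behaviour in registry/file events."""
import re
from collections import OrderedDict

# (signature name as listed in the report, event class, regex on the event target).
# Paths are the standard locations for each data source (assumption of this example).
RULES = [
    ("Checks computer location settings", "reg",
     r"\\Control Panel\\International\\Geo\\Nation$"),
    ("Checks installed software on the system", "reg",
     r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"),
    ("Accesses Microsoft Outlook profiles", "reg",
     r"\\Windows Messaging Subsystem\\Profiles\\|\\Office\\\d+\.\d+\\Outlook\\Profiles\\"),
    ("Reads data files stored by FTP clients", "file",
     r"\\FileZilla\\(sitemanager|recentservers)\.xml$"),
    ("Reads user/profile data of web browsers", "file",
     r"\\User Data\\[^\\]+\\Login Data$|\\Profiles\\[^\\]+\\logins\.json$"),
    ("Drops file in Drivers directory", "write",
     r"\\System32\\drivers\\[^\\]+$"),
]
COMPILED = [(name, cls, re.compile(pat, re.IGNORECASE)) for name, cls, pat in RULES]

# Raw operation names (Procmon/Sysmon-style) mapped onto the classes used by RULES.
OP_CLASS = {
    "RegOpenKey": "reg", "RegQueryValue": "reg", "RegEnumKey": "reg",
    "CreateFile": "file", "WriteFile": "write",
}

# Signatures that each represent a distinct credential store being read.
CREDENTIAL_SIGS = {
    "Accesses Microsoft Outlook profiles",
    "Reads data files stored by FTP clients",
    "Reads user/profile data of web browsers",
}

# Constructed events (pid, operation, target); not taken from the report.
SAMPLE_EVENTS = [
    (1320, "RegQueryValue", r"HKCU\Control Panel\International\Geo\Nation"),
    (1320, "RegEnumKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (1320, "RegOpenKey", r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook"),
    (1320, "CreateFile", r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"),
    (1320, "CreateFile", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (1320, "CreateFile", r"C:\Users\victim\Documents\notes.txt"),
    (2044, "RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"),
]


def triggered(events):
    """Return {pid: [signature names in first-hit order]} for pids with at least one hit."""
    hits = OrderedDict()
    for pid, op, target in events:
        cls = OP_CLASS.get(op)
        if cls is None:
            continue
        for name, rule_cls, rx in COMPILED:
            if rule_cls == cls and rx.search(target):
                sigs = hits.setdefault(pid, [])
                if name not in sigs:
                    sigs.append(name)
    return dict(hits)


def looks_like_infostealer(sigs):
    """Heuristic: two or more distinct credential stores read by one process."""
    return len(CREDENTIAL_SIGS.intersection(sigs)) >= 2


if __name__ == "__main__":
    for pid, sigs in triggered(SAMPLE_EVENTS).items():
        print(pid, "infostealer" if looks_like_infostealer(sigs) else "benign", sigs)
```

Any single rule here fires on legitimate software (installers enumerate the Uninstall key, backup tools read browser profiles), which is why the verdict requires several distinct credential stores touched by the same process rather than any one hit.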

MITRE ATT&CK Enterprise v15

Tasks