Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

dac7fc2b4b...18.exe

windows7-x64

10

dac7fc2b4b...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dac7fc2b4b9ef1a4ac2fc4f8a2b9d9b2_JaffaCakes118

  • Size

    188KB

  • Sample

    241209-wadhlavrez

  • MD5

    dac7fc2b4b9ef1a4ac2fc4f8a2b9d9b2

  • SHA1

    6434d2f351d949a007a3e67bd083eb85b322a3f2

  • SHA256

    476e662a52c5fe6098d84b12dd1a60534a4f9f6b2e1f9a7e8ae9c7f6f21c2fb9

  • SHA512

    78041ff011883331f02f381c12fcf9219755b5c76f0247cac6aae692c03f0c0cb031c0f9436f82eb5039a51c152b121491157175e5d7eaa95f81a61a0dc9ab28

  • SSDEEP

    3072:zwermyUiDtjvhYwYpT8759EgXfdycSk1QoRjkCcJCB:zwUPCwYpo7TXfdyHk7JWQ

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://13.carnovirious.net/forum/viewtopic.php

http://13.JONEMNOMINIK.NET/forum/viewtopic.php

http://13.LOMERDASTER.NET/forum/viewtopic.php

http://13.ZABAKARVESTER.NET/forum/viewtopic.php
Attributes
  • payload_url

    http://goodwintucker.cylosoft.net/kUWqFb.exe

    http://cavih.com/2ddFfSL.exe

    http://martom.pl/kLZj1K.exe

Targets

    • Target

      dac7fc2b4b9ef1a4ac2fc4f8a2b9d9b2_JaffaCakes118

    • Size

      188KB

    • MD5

      dac7fc2b4b9ef1a4ac2fc4f8a2b9d9b2

    • SHA1

      6434d2f351d949a007a3e67bd083eb85b322a3f2

    • SHA256

      476e662a52c5fe6098d84b12dd1a60534a4f9f6b2e1f9a7e8ae9c7f6f21c2fb9

    • SHA512

      78041ff011883331f02f381c12fcf9219755b5c76f0247cac6aae692c03f0c0cb031c0f9436f82eb5039a51c152b121491157175e5d7eaa95f81a61a0dc9ab28

    • SSDEEP

      3072:zwermyUiDtjvhYwYpT8759EgXfdycSk1QoRjkCcJCB:zwUPCwYpo7TXfdyHk7JWQ

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony family

      pony

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks