General
- Target: JaffaCakes118_bfd8596161f9d0982f873f5d7aa76821
- Size: 161KB
- Sample: 250119-g69tcayqhk
- MD5: bfd8596161f9d0982f873f5d7aa76821
- SHA1: 981b0409afe663ad1a2bc1725ac00107235feef9
- SHA256: bc78c71d007466adde44f61436a5ee222496670c687380de901cb6385a5d6979
- SHA512: 1f3d5dc89f5bff92efbcba50cb90ece3697ccfba2ed5cb2c01b6f3172bed0c163745eba7e6d0ae7769917785016813f638440be1030d7f6fd27a4fb4856031e0
- SSDEEP: 3072:7VNtd/bF9sl6xAUsmrT8b8ESUp8yLMBTJS0iy20g:7VNtdZyl6+XmGS5Vrzg
Static task
- static1
Behavioral task
- behavioral1
  Sample: JaffaCakes118_bfd8596161f9d0982f873f5d7aa76821.exe
  Resource: win7-20240903-en
Behavioral task
- behavioral2
  Sample: JaffaCakes118_bfd8596161f9d0982f873f5d7aa76821.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted
- pony
  http://tunningdisel.net/forum/viewtopic.php
  http://turbodiselvrx.net/forum/viewtopic.php
- payload_url
  http://3073.a.hostable.me/Z2U.exe
  http://85.18.21.252/PNV3Hbi.exe
Targets
- Target: JaffaCakes118_bfd8596161f9d0982f873f5d7aa76821
- Size: 161KB
- Pony family
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Unsecured Credentials: Credentials In Files: Steal credentials from unsecured files.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext