General

  • Target

    JaffaCakes118_0e2c88621e1807a66bb78ce8d602922b

  • Size

    127KB

  • Sample

    250122-qzq74azmbm

  • MD5

    0e2c88621e1807a66bb78ce8d602922b

  • SHA1

    79aa3bcd0fbf35393278c51ee645923f8d969105

  • SHA256

    9fe498e61b202a40922399135d42124e99aed15abfe3b27a9ca36021344e8ec6

  • SHA512

    65ddf6ec93942f82c4a8a9a3c9c5b94d77cdac0ae28779421eca8ca9269947994487150c7dfa0b950f7f76bb6b2c19e0498c8795ad6d0ace7e9b4d6ffc2d6d70

  • SSDEEP

    1536:TL+iyhFDZ2qpAz4JkrDj771pr72iR15SbxdAESI+lysxPgqgHKyCSZp6lt+40k5:T2FDzZaDjtF15CAYm88Sb2o40k5

Malware Config

Extracted

  • Family

    pony

  • C2

    http://nolgo.com:8080/pony/gate.php

    http://108.166.65.182:8080/pony/gate.php

  • Attributes

    payload_url

    http://coco-hellas.gr/fH4EeaUs.exe

    http://fobeca.com.ve/dRrT.exe

    http://repo.billingotomatis.com/RUf.exe

Targets

    • Target

      JaffaCakes118_0e2c88621e1807a66bb78ce8d602922b
    • Pony family

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks