Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    35c2b90cd490c0daba63ec1068a4b7b85f2c463c09ff96f8c243b0bb5b099581

  • Size

    134KB

  • Sample

    221019-tanmfsegdr

  • MD5

    9074ad8e7d19739ce8113acce24c34b0

  • SHA1

    e7fd0062e4554dfcd3e9bd0219d93c44994f6345

  • SHA256

    35c2b90cd490c0daba63ec1068a4b7b85f2c463c09ff96f8c243b0bb5b099581

  • SHA512

    ef21e175c3b2e3abed4c1d8e16b7949b9d0caaebca7ff5c0b0501049235b074d4197f5cf5a1798a94e5c91ede198dbdeeeac8464c5fb8aa2b9dd0cd21944668e

  • SSDEEP

    1536:2y1Yam3DTBJ/42jilEyUWQ/H7Sn0ewrT3ciB1Ddh0J1UfE33uNu882Fp/LS7J5GP:D13Yza87gwv3XhCXIFpLS/GgDOPa0u

Malware Config

Extracted

Family

pony

C2

http://mail.yaklasim.com:8080/forum/viewtopic.php

http://116.122.158.195:8080/forum/viewtopic.php

http://lifestylenewwindows.com/forum/viewtopic.php

http://lifestylepreferred.com/forum/viewtopic.php

Attributes
  • payload_url

    http://khnautomationsystems.com/GSFjGSu.exe

    http://ftp.adaro.sk/yJkedZ.exe

    http://lobbyarkansas.com/Xv59kM.exe

    http://yoolane.com/1Dhkj.exe

Targets

    • Target

      35c2b90cd490c0daba63ec1068a4b7b85f2c463c09ff96f8c243b0bb5b099581

    • Size

      134KB

    • MD5

      9074ad8e7d19739ce8113acce24c34b0

    • SHA1

      e7fd0062e4554dfcd3e9bd0219d93c44994f6345

    • SHA256

      35c2b90cd490c0daba63ec1068a4b7b85f2c463c09ff96f8c243b0bb5b099581

    • SHA512

      ef21e175c3b2e3abed4c1d8e16b7949b9d0caaebca7ff5c0b0501049235b074d4197f5cf5a1798a94e5c91ede198dbdeeeac8464c5fb8aa2b9dd0cd21944668e

    • SSDEEP

      1536:2y1Yam3DTBJ/42jilEyUWQ/H7Sn0ewrT3ciB1Ddh0J1UfE33uNu882Fp/LS7J5GP:D13Yza87gwv3XhCXIFpLS/GgDOPa0u

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks