Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    90bd42146a397f05d080c977f0037991c00e8b679153a9dce23caf1e1e17e310

  • Size

    89KB

  • Sample

    221020-ynjmwacdg4

  • MD5

    7c19d6e691f7ac2d5308277874fbde34

  • SHA1

    9a6f7140e34ecdbc7a2d5e3b900942314592a4fa

  • SHA256

    90bd42146a397f05d080c977f0037991c00e8b679153a9dce23caf1e1e17e310

  • SHA512

    ee72f7c2498f37c411aba4579af6e15a58ee790c073f0ea5faf46f1d662c6a95641218ab0cbe747f1db6c84d25514c201209c4ebffbf285e5643cb27448cef67

  • SSDEEP

    1536:XL7hqt2ikjRD6U4XAXA84Y43xtJCvg678OKfebF:7VC2xD6lAQ84Bx7lw/bF

Malware Config

Extracted

Family

pony

C2

http://jdjhsy.pw:4915/way/like.php

http://klrdet.pw:4915/way/like.php

Targets

    • Target

      90bd42146a397f05d080c977f0037991c00e8b679153a9dce23caf1e1e17e310

    • Size

      89KB

    • MD5

      7c19d6e691f7ac2d5308277874fbde34

    • SHA1

      9a6f7140e34ecdbc7a2d5e3b900942314592a4fa

    • SHA256

      90bd42146a397f05d080c977f0037991c00e8b679153a9dce23caf1e1e17e310

    • SHA512

      ee72f7c2498f37c411aba4579af6e15a58ee790c073f0ea5faf46f1d662c6a95641218ab0cbe747f1db6c84d25514c201209c4ebffbf285e5643cb27448cef67

    • SSDEEP

      1536:XL7hqt2ikjRD6U4XAXA84Y43xtJCvg678OKfebF:7VC2xD6lAQ84Bx7lw/bF

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Drops file in Drivers directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks