Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    637be346a1b764e9258b244328a60ef2.exe

  • Size

    962KB

  • Sample

    221104-ge513seaal

  • MD5

    637be346a1b764e9258b244328a60ef2

  • SHA1

    b995ae703d98ca0b211b82920ffc5ddb86391861

  • SHA256

    29aca38a4c1e9a66d6b4bc3ef35413141853da6bd1491c931d7c3a695c3a03dd

  • SHA512

    09cc5da4074c8a1f81513b14e5ba4254516a0781da24897e1a3422e8c4d5d5f735cfcf9b15c749143da92fe2723e2db3609716f4d859c05a1dc03a278c92d4bb

  • SSDEEP

    24576:wGmj/1yqMiwFev4DDv26P+7/7gnQzg7799B:wGqy2Z4e6P+j7gnQw79

Malware Config

Extracted

Family

pony

C2

http://185.165.29.116/kjosh1/1/gate.php

Targets

    • Target

      637be346a1b764e9258b244328a60ef2.exe

    • Size

      962KB

    • MD5

      637be346a1b764e9258b244328a60ef2

    • SHA1

      b995ae703d98ca0b211b82920ffc5ddb86391861

    • SHA256

      29aca38a4c1e9a66d6b4bc3ef35413141853da6bd1491c931d7c3a695c3a03dd

    • SHA512

      09cc5da4074c8a1f81513b14e5ba4254516a0781da24897e1a3422e8c4d5d5f735cfcf9b15c749143da92fe2723e2db3609716f4d859c05a1dc03a278c92d4bb

    • SSDEEP

      24576:wGmj/1yqMiwFev4DDv26P+7/7gnQzg7799B:wGqy2Z4e6P+j7gnQw79

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks