Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    e55848ba56fa4c8d03509dbc75c00aef7e4f91a19144eb39799ae96589c40486

  • Size

    516KB

  • Sample

    221128-bb275acc64

  • MD5

    bbd539c2f5907147c24614a1ed21de90

  • SHA1

    d3d5df580586d2bbab8eba1b7e0271828b37580e

  • SHA256

    e55848ba56fa4c8d03509dbc75c00aef7e4f91a19144eb39799ae96589c40486

  • SHA512

    da310805d1fdfb4d4bbad1ddd9daa8ab611f914d33f1dcbc23a8d16c71759aadecd485f67fc1fc017e297d28c1bc80fb7eaec5ef99a0b75b8849a011871a9e96

  • SSDEEP

    6144:IlcfoLCm2AhVyVycDr3XiEDl+M8iFvjMlieJD6m/qNHcn7:MGSCmiVVD5Dl+yjMAq6rp2

Malware Config

Extracted

Family

pony

C2

http://91.220.163.21/pony2/gate.php

Targets

    • Target

      e55848ba56fa4c8d03509dbc75c00aef7e4f91a19144eb39799ae96589c40486

    • Size

      516KB

    • MD5

      bbd539c2f5907147c24614a1ed21de90

    • SHA1

      d3d5df580586d2bbab8eba1b7e0271828b37580e

    • SHA256

      e55848ba56fa4c8d03509dbc75c00aef7e4f91a19144eb39799ae96589c40486

    • SHA512

      da310805d1fdfb4d4bbad1ddd9daa8ab611f914d33f1dcbc23a8d16c71759aadecd485f67fc1fc017e297d28c1bc80fb7eaec5ef99a0b75b8849a011871a9e96

    • SSDEEP

      6144:IlcfoLCm2AhVyVycDr3XiEDl+M8iFvjMlieJD6m/qNHcn7:MGSCmiVVD5Dl+yjMAq6rp2

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks