General

  • Target

    6db6ac1ce8f946e0b441c1a1be1b0f094cef331231ae4f9d58b30e3e353145be

  • Size

    148KB

  • Sample

    221129-phwwksbg9v

  • MD5

    8fa1825810977b3f875a88de9d757453

  • SHA1

    1d5d3b3cb8312ec72fba34f4d11ca52e212cc88d

  • SHA256

    6db6ac1ce8f946e0b441c1a1be1b0f094cef331231ae4f9d58b30e3e353145be

  • SHA512

    f2da58ab80b8f51ea218ea3f20d414b4532325bde9378c3626ee6b455a863412e6e96da424051f16a320b3ca2d811a4030210adfe5a63bbc19c4196c0327b24c

  • SSDEEP

    3072:KA2hCdFXayYEf4B3UptTDYiYC5p5vWwYn9k:7MCbayFfaeCirpQn9

Malware Config

Extracted

  • Family

    pony

  • C2

    http://209.59.223.57/ponyd/gate.php

    http://204.145.80.32/ponyd/gate.php

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks