General

  • Target

    ac349e86e1a3de81b93dcb31f7a229fe33b114ab326b4b426489d4218f4d3671

  • Size

    172KB

  • Sample

    221130-3hbgjaee76

  • MD5

    eb4471b12587eb563e2ce2dfcd58beef

  • SHA1

    f24e9dd9550dacbbf4f4a1aedeccbd6b7ecfee10

  • SHA256

    ac349e86e1a3de81b93dcb31f7a229fe33b114ab326b4b426489d4218f4d3671

  • SHA512

    1ebca033b19f5549264bd88ee7e8426b67a5929e19237f6cd75cfb70088ba0f8dc10edb04794c493ee295f358c8b3e5d4522dc6f27c43445bf46a6d04a301e06

  • SSDEEP

    3072:vxttV9mGTIrD6GdYyCC/xU+z7gIqucSD8g:vx7VQTrHd2r+z7gzuLg

Malware Config

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive items.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks