General

  • Target: 91a6f946e071ef2e03302185af8493640a1deb5671052a77dbd460a71c486b59
  • Size: 175KB
  • Sample: 221201-a5es9aaa88
  • MD5: 93811281381427f0276ce45cb561ae10
  • SHA1: d533257c52c4791850405f80e3ef04affad1bcc3
  • SHA256: 91a6f946e071ef2e03302185af8493640a1deb5671052a77dbd460a71c486b59
  • SHA512: 4e695509f2de85ed47a23521e13fcb1e9c907216e57b98db093e01953a71c4c02c1d72bd26906896aa4676e5af086efb367afd417194ec3a3b106463b5046425
  • SSDEEP: 3072:63yGUSpMijA/r4rntzuo7r67PTaIMNdCh+jCiiZOLhezGu:IyGUcMkA/r4rtzuo7O7POPxG3

Targets

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
