General

  • Target

    337bdd724065979e7e924c00ce530a2f20d51aca123e59bff34ab6e434e574f2

  • Size

    105KB

  • Sample

    221201-fw1x1sgc64

  • MD5

    7de0574716e70d50a85b4861d9144cd1

  • SHA1

    c3d95c99a529f55d0358c847c773081d321e54fc

  • SHA256

    337bdd724065979e7e924c00ce530a2f20d51aca123e59bff34ab6e434e574f2

  • SHA512

    5beb7a79264e69e0b481f7f53c157350ac707f51cca7689464a2a5ad06f3fd72c981647c6af83ca996ec60d1841734f987eeb113442ecb0d89799640974682e8

  • SSDEEP

    3072:WKKJ7rL659FUk0TaHoBU4lyOferrWcJbK+srqGBWooXmLmBIr:1WrL65/EKoVVGrf9srqGsoQmLmBO

Malware Config

Extracted

Family

pony

C2

http://paralysiesfaciale.com:8080/forum/viewtopic.php

http://paralysiesfaciales.com:8080/forum/viewtopic.php

http://shop.smsmpi.com:8080/forum/viewtopic.php

http://smsmpi.com:8080/forum/viewtopic.php

Attributes

  • payload_url

    http://kerrybrunson.com/dvF.exe

    http://www.nause.com/LjRjU.exe

    http://dackle.com/pM7v93.exe

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks