General

  • Target

    dddc84843c9f19f96e6a95572a75685aa38fd17261baeb9da4fc0680285bd4c1

  • Size

    130KB

  • Sample

    221201-vayyvscc4t

  • MD5

    810a1098677fa3c654ff843e9610d26a

  • SHA1

    6a572b247580b1b4775a24b53f7be52e768f4868

  • SHA256

    dddc84843c9f19f96e6a95572a75685aa38fd17261baeb9da4fc0680285bd4c1

  • SHA512

    2eefbf5b3982218482e43a38b395e86f82a76325a2864287b1c11efe52c69b1ac68988668c2875bc810edebac32002eca0caffa0381020264bfe557c3484c1a1

  • SSDEEP

    1536:2ufzrFVbvvfd56en7pYdmhgTUlVEX1e59luIcjSWbzvBFtOClwDlW:TfbLd8e9G+lVEIrlujR7ByOp

Malware Config

Extracted

Family

pony

C2

http://175.118.124.53:8080/forum/viewtopic.php

http://midwdermatology.com:8080/forum/viewtopic.php

http://www.bobadamsinc.com:8080/forum/viewtopic.php

http://www.richadamsinc.com:8080/forum/viewtopic.php

Attributes

  • payload_url

    http://nasosrogas.gr/uwt2b.exe

    http://mtmedia.net/tJr4H.exe

    http://cinemacityhu.iq.pl/iN5Vf.exe

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
