General

  • Target

    c5f1dd526e09e635b8b7cbe7658358e042ddf092bdda814a3328a42f47e49cbe

  • Size

    81KB

  • Sample

    221201-wl91yahc2s

  • MD5

    ab1094bc750e9ee2604b4c69d4b27099

  • SHA1

    2093c3b4232929ee355cef027f02b8fa56475c17

  • SHA256

    c5f1dd526e09e635b8b7cbe7658358e042ddf092bdda814a3328a42f47e49cbe

  • SHA512

    4929580a82a8d6b3c11d9578788291953cc196b856c29f2069d33b9ab5bf96b4111701cfb41c3e2a7fdc5b32f847cfb84b0f23e5ba457f0cb1bb835ca0682481

  • SSDEEP

    1536:6aH1w5TZVN7ciGKTFmLq6d7b/PjuYgFIPV6KFTf3iimaHUavfvV:V1qrd3TFmGo/LuYGIdnfd2un

Malware Config

Extracted

Family

pony

C2

http://dreststat.info:2346/pony/mac.php

http://dertystat.info:2346/pony/mac.php

Attributes
  • payload_url

    http://dertystat.info:2346/pony/view/kos.exe

Targets

    • Target

      c5f1dd526e09e635b8b7cbe7658358e042ddf092bdda814a3328a42f47e49cbe

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Drops file in Drivers directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
