Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    8a1b82e89166303eb3e19378fb4c4435742ece2ec14092fbbe2a35c7a69c2fe8

  • Size

    98KB

  • Sample

    221205-p89v5aff3t

  • MD5

    3cb544d8e38d94c9cd0065566a869f56

  • SHA1

    c075559834f31bb24295f8a16ac0b54fe8782ac8

  • SHA256

    8a1b82e89166303eb3e19378fb4c4435742ece2ec14092fbbe2a35c7a69c2fe8

  • SHA512

    dc85f858f4845ad171b590fb0ad4045e3979aab781b5752bc1ad552c0cbfacdaaefbd74989af3b6f9561c6d1de8efcc53f1e33966aa64b032c5f3c0b657a2d92

  • SSDEEP

    1536:wP5swm+o8CoXX8hZfi6gZ1axm4uz+UimOzQ6VVTr8R0ppAJ1Za:wP5t7jMhZ23axxmuV5gRepAJq

Malware Config

Extracted

Family

pony

C2

http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php

Targets

    • Target

      8a1b82e89166303eb3e19378fb4c4435742ece2ec14092fbbe2a35c7a69c2fe8

    • Size

      98KB

    • MD5

      3cb544d8e38d94c9cd0065566a869f56

    • SHA1

      c075559834f31bb24295f8a16ac0b54fe8782ac8

    • SHA256

      8a1b82e89166303eb3e19378fb4c4435742ece2ec14092fbbe2a35c7a69c2fe8

    • SHA512

      dc85f858f4845ad171b590fb0ad4045e3979aab781b5752bc1ad552c0cbfacdaaefbd74989af3b6f9561c6d1de8efcc53f1e33966aa64b032c5f3c0b657a2d92

    • SSDEEP

      1536:wP5swm+o8CoXX8hZfi6gZ1axm4uz+UimOzQ6VVTr8R0ppAJ1Za:wP5t7jMhZ23axxmuV5gRepAJq

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks