General

  • Target

    ce8e77c87ff89a0ff1a1d49d3a36731bcfa22345f6d8f8be874f1f0f564b343e

  • Size

    100KB

  • Sample

    221206-jvm7babh81

  • MD5

    e11ffb6c4537bf748a5116dbda710edd

  • SHA1

    90a48637cb61df438c4a6b4b20a4149a968ebf77

  • SHA256

    ce8e77c87ff89a0ff1a1d49d3a36731bcfa22345f6d8f8be874f1f0f564b343e

  • SHA512

    1ebdc3e842bad43d22ee1037689a874e206da31724e4112e9c018abdbbab8a23610a51ed5ae918cdd24854e56a94ca56ff8ef157a939c92d0cb2e41118bc035c

  • SSDEEP

    1536:Sc4hj+ULTD3L3dCO0qh9yBVPF6t2lD7XIOTYP7pt74RvV6UFtYRR/:d4xLTDjIoriVPotWIjzpeb1tYRd

Malware Config

Extracted

Family

pony

C2

http://115.47.49.181/xSZ64Wiax/ojXVZBxRQVfp6gAUziCGnB8V7Aikbs0Z.php

Targets

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and form history.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
