General

  • Target

    f8d8fb6a1a1cdb4263e3e31007893b20

  • Size

    97KB

  • Sample

    231228-z6f55sbec4

  • MD5

    f8d8fb6a1a1cdb4263e3e31007893b20

  • SHA1

    abac35a018b42c95d3108161cb18cc047f30c2f3

  • SHA256

    35ecf27d3f771930f554e9a3cd161f0db5af6616272644c2846f5eb3a50f94c8

  • SHA512

    09d4778c6ce219f1dc4503431237cb190728db9d424d82800be0a4337b7d9e73167c6a78b7285289b5ccf9a3389f7e897301c5fdf40a51d21db00d5b67ea571f

  • SSDEEP

    1536:rz50zU4OJdqxhXS1ZHD0iR8GARZKWR7QIexpvpnenYeLS2uRQRJk/UjCzhX0Knd:vYOSuj0iRpAfh0zpneVS2u6Tih7d

Malware Config

Extracted

  • Family

    pony

  • C2

    http://home.creation.lt:8080/pony/gate.php

    http://46.4.190.107:8081/pony/gate.php

  • Attributes

    • payload_url

      http://www.offshore-seychelles.ro/TX5hP.exe

Targets

    • Target

      f8d8fb6a1a1cdb4263e3e31007893b20

    • Size

      97KB

    • MD5

      f8d8fb6a1a1cdb4263e3e31007893b20

    • SHA1

      abac35a018b42c95d3108161cb18cc047f30c2f3

    • SHA256

      35ecf27d3f771930f554e9a3cd161f0db5af6616272644c2846f5eb3a50f94c8

    • SHA512

      09d4778c6ce219f1dc4503431237cb190728db9d424d82800be0a4337b7d9e73167c6a78b7285289b5ccf9a3389f7e897301c5fdf40a51d21db00d5b67ea571f

    • SSDEEP

      1536:rz50zU4OJdqxhXS1ZHD0iR8GARZKWR7QIexpvpnenYeLS2uRQRJk/UjCzhX0Knd:vYOSuj0iRpAfh0zpneVS2u6Tih7d

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks