General

  • Target: 629e55a07180505ba39148a72e23e7c9.exe
  • Size: 97KB
  • Sample: 240106-l1823sdafp
  • MD5: 629e55a07180505ba39148a72e23e7c9
  • SHA1: 47b4a9a70b552876ba80f5c632a0e0ca3f7de412
  • SHA256: 17329c563d503e66c89de3f791b16aca877f30ae97bf246f0e3cecc970407a5a
  • SHA512: 30dadd3b7ac3ef27458971b2a5f9afe78300445a9f0510bc13e2e1f876453842b64dcfcdd7b3bee7d916a7095ae999e14a5a19246c629b59859e5a3eeac5ca6d
  • SSDEEP: 1536:Wz56tPVhxAbRcG0/DE7Bb85DbLqikrm5bCah8R0nenYexOZ7D85io4hiGK8o:UWhBDE7BbWD/kC5I+neL2nHo

Malware Config

Extracted

Family

pony

C2

http://home.creation.lt:8080/pony/gate.php

http://46.4.190.107:8081/pony/gate.php

Attributes

  • payload_url
    http://die-filmerzeuger.com/bFdp8Wh.exe
    http://ahplgroup.com/5g51T.exe
    http://siatex.co.cc/Sbw5cQw.exe

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
