Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
629e55a07180505ba39148a72e23e7c9.exe
-
Size
97KB
-
Sample
240106-l1823sdafp
-
MD5
629e55a07180505ba39148a72e23e7c9
-
SHA1
47b4a9a70b552876ba80f5c632a0e0ca3f7de412
-
SHA256
17329c563d503e66c89de3f791b16aca877f30ae97bf246f0e3cecc970407a5a
-
SHA512
30dadd3b7ac3ef27458971b2a5f9afe78300445a9f0510bc13e2e1f876453842b64dcfcdd7b3bee7d916a7095ae999e14a5a19246c629b59859e5a3eeac5ca6d
-
SSDEEP
1536:Wz56tPVhxAbRcG0/DE7Bb85DbLqikrm5bCah8R0nenYexOZ7D85io4hiGK8o:UWhBDE7BbWD/kC5I+neL2nHo
Malware Config
Extracted
pony
http://home.creation.lt:8080/pony/gate.php
http://46.4.190.107:8081/pony/gate.php
-
payload_url
http://die-filmerzeuger.com/bFdp8Wh.exe
http://ahplgroup.com/5g51T.exe
http://siatex.co.cc/Sbw5cQw.exe
Targets
-
-
Target
629e55a07180505ba39148a72e23e7c9.exe
-
Size
97KB
-
MD5
629e55a07180505ba39148a72e23e7c9
-
SHA1
47b4a9a70b552876ba80f5c632a0e0ca3f7de412
-
SHA256
17329c563d503e66c89de3f791b16aca877f30ae97bf246f0e3cecc970407a5a
-
SHA512
30dadd3b7ac3ef27458971b2a5f9afe78300445a9f0510bc13e2e1f876453842b64dcfcdd7b3bee7d916a7095ae999e14a5a19246c629b59859e5a3eeac5ca6d
-
SSDEEP
1536:Wz56tPVhxAbRcG0/DE7Bb85DbLqikrm5bCah8R0nenYexOZ7D85io4hiGK8o:UWhBDE7BbWD/kC5I+neL2nHo
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-