General

  • Target

    adea28f1309f265cfbbb95b7663a18f7.exe

  • Size

    196KB

  • Sample

    240107-x8mdtsddh4

  • MD5

    adea28f1309f265cfbbb95b7663a18f7

  • SHA1

    61e0f065f39d65ccd52cbe42e2da451342434117

  • SHA256

    17d37466c7dc382b8430d86e5419fb982eef62bdaeb0bfe67d6d0305c01f432d

  • SHA512

    ff1a6bd3fda92a2f8c08510007458e582f8ae4766396987f8f949eb9d90d9df74350be634bf48740d64704730b0aa25521cf65864e64ae6ac2831bbe412d28a5

  • SSDEEP

    1536:SNVoUKgLtW1ZhS4StjlZ8MT2dM1Bfy5YNdDhnmbPlikUQM+EQB3EMCUT3SjmIOKO:MoUXg1ZAjLyalvhm7likUQMM3DT3a0KO

Malware Config

Extracted

Family

pony

C2

http://etsiunjour.fr:81/pony/gate.php

http://174.140.163.141/pony/gate.php

Attributes

  • payload_url

    http://download.avmap.it/85qxdKc6/pThNZir.exe

    http://tcursos.com.br/HLFohbca/0mwsKDEb.exe

    http://advancewebsites.com/mVZtnnSu/DbQip.exe

    http://railgrafx.id.au/pRWKeGe8/QBA.exe

Targets

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive material.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
