Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

f6173297af...18.exe

windows7-x64

10

f6173297af...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f6173297af82d03740d8a171fc88c681_JaffaCakes118

  • Size

    126KB

  • Sample

    240925-qgd5taxcjj

  • MD5

    f6173297af82d03740d8a171fc88c681

  • SHA1

    ea88102573804d9bc39ad2b472065395ac0068ac

  • SHA256

    341d2a148986be232f6ca27e6c1caee50dff1a127fef3f3fccc87c54eadc8fb7

  • SHA512

    20a6f19e36bb035b475949ad9b291c567802eb7dc60a21fefc29e20ad0fed3b2d4ac987cda176cdea92c7efa24066dc993e7839089e700ffc32432d5fb7c5043

  • SSDEEP

    3072:yJq35L0a1Oop/Cs5D7GV8TXy1dqd5QBSZdO1KhJh:yJRoOoJb5/GV8LVdXu

Score
10/10
ponycollectioncredential_accessdiscoveryratspywarestealer

Malware Config

Extracted

Family

pony

C2

http://blog.ritual.ca:8080/forum/viewtopic.php

http://dontgetcaught.ca:8080/forum/viewtopic.php

http://justcateringfoodservices.com:8080/forum/viewtopic.php

http://lumberlandnorth.com:8080/forum/viewtopic.php
Attributes
  • payload_url

    http://bluegrassornamentaliron.com/5AUPnx.exe

    http://mariefredbk.se/TE2ECpWp.exe

    http://stefan-auerswald.de/jPA.exe

Targets

    • Target

      f6173297af82d03740d8a171fc88c681_JaffaCakes118

    • Size

      126KB

    • MD5

      f6173297af82d03740d8a171fc88c681

    • SHA1

      ea88102573804d9bc39ad2b472065395ac0068ac

    • SHA256

      341d2a148986be232f6ca27e6c1caee50dff1a127fef3f3fccc87c54eadc8fb7

    • SHA512

      20a6f19e36bb035b475949ad9b291c567802eb7dc60a21fefc29e20ad0fed3b2d4ac987cda176cdea92c7efa24066dc993e7839089e700ffc32432d5fb7c5043

    • SSDEEP

      3072:yJq35L0a1Oop/Cs5D7GV8TXy1dqd5QBSZdO1KhJh:yJRoOoJb5/GV8LVdXu

    Score
    10/10
    ponycollectioncredential_accessdiscoveryratspywarestealer

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

      ratspywarestealerpony

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks