General

  • Target

    53640549adeafc14bff28e22e.exe

  • Size

    750KB

  • Sample

    230704-pxmw8ach65

  • MD5

    53640549adeafc14bff28e22e378b681

  • SHA1

    c46173128148a0fb90c7aa67553068035edc8d04

  • SHA256

    f8be822eb877bfb50b6d04449004f9778ed732b877c4f2975313b8559cf6e842

  • SHA512

    0c74669ac5fcc63f0579acd7a377bf286e5bb3b5e574efbc14e541471c87b46d88bc6e76e2bd974223a079944acda0a7a7f7ca829f2e2e8de0a88acc9653ff24

  • SSDEEP

    12288:VS/nqdGGwe4kVt7eKS9HvO1WVZ08yDgG:cSwGwNZKMeX

Malware Config

Extracted

Family

stealc

C2

http://45.150.65.128/bcbdd35a8286b150.php

Targets

    • Detects Stealc stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext
