General

  • Target

    10e82b6ad59c2ab5f97f96e60.exe

  • Size

    2.2MB

  • Sample

    230709-m3snjsdb7s

  • MD5

    10e82b6ad59c2ab5f97f96e6060bb12e

  • SHA1

    9491bd29357513c63d703ac9d99dcf25251d7cd7

  • SHA256

    3bd221e945c0da67960f21c8bec0d678ff84f10dcf3b5866ed57a1ced810cbd9

  • SHA512

    382fcf2a97391d739d1543ded334f48a2e1f32471649a1837aa7a6902b6126fbd40178371681bbfdf7d1f6b46af10ec91f96cb6a9ed598e87617dd9574a64d8f

  • SSDEEP

    49152:vBuZrEUiWqJZU2zF35Me89k6YQoWH6hBJLJZ2iZ3vxm3c7ldhA:ZkLiWqJZU4F3XEYVbXvm3chA

Malware Config

Extracted

Family

stealc

C2

http://65.21.118.113/d04727a8ed5e33a1.php

Targets

    • Detects Stealc stealer

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
