General
-
Target
10e82b6ad59c2ab5f97f96e60.exe
-
Size
2.2MB
-
Sample
230709-m3snjsdb7s
-
MD5
10e82b6ad59c2ab5f97f96e6060bb12e
-
SHA1
9491bd29357513c63d703ac9d99dcf25251d7cd7
-
SHA256
3bd221e945c0da67960f21c8bec0d678ff84f10dcf3b5866ed57a1ced810cbd9
-
SHA512
382fcf2a97391d739d1543ded334f48a2e1f32471649a1837aa7a6902b6126fbd40178371681bbfdf7d1f6b46af10ec91f96cb6a9ed598e87617dd9574a64d8f
-
SSDEEP
49152:vBuZrEUiWqJZU2zF35Me89k6YQoWH6hBJLJZ2iZ3vxm3c7ldhA:ZkLiWqJZU4F3XEYVbXvm3chA
Static task
static1
Behavioral task
behavioral1
Sample
10e82b6ad59c2ab5f97f96e60.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
10e82b6ad59c2ab5f97f96e60.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
stealc
http://65.21.118.113/d04727a8ed5e33a1.php
Targets
-
-
Target
10e82b6ad59c2ab5f97f96e60.exe
-
Detects Stealc stealer
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-