General
Target: Edge Stealer 4.0.rar
Size: 147.3MB
Sample: 230712-cfrsmacf6x
MD5: 59cdd089cea4e3ed30b008a5db1c1188
SHA1: 8f1fa4b385dd93cb822973fdd09d6e84fcf24617
SHA256: 971ecbbd16b4202bdab0abd676cefdd9f983b6d600f06c17479b444f01b97253
SHA512: c9f711e45546ea9c8c93e5182b2c3302feb07ec2b968c7cdc8a6d7672f5804b72fc59aee1ecc2a7b1729b8de9cab91fc157584ae72e51ff3dc413435b31a7a10
SSDEEP: 3145728:18UtABR8FkUNNC3cZ1IkZoY3ysYB4x6wAeVv+iH7bLY7Pj:uUyfsNNOlkxyTeV17vYrj
Static task: static1
Behavioral task: behavioral1
Sample: Edge Stealer 4.0/Edge Stealer 4.0.sfx.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted
Protocol: ftp
Host: 213.142.151.196
Port: 21
Username: admin_edge
Password: Black900...
Targets
Target: Edge Stealer 4.0/Edge Stealer 4.0.sfx.exe
Size: 143.1MB
MD5: 1407c120c9886106007bdf73e03e4c88
SHA1: d11e1050b5d495174006e054df7f059799fd520b
SHA256: 9e499b8665959e8df1eea5ce5e835895b8193b75ed2a04cce7a3639216cb74db
SHA512: c91ec5c3cd5f2c7083d6120c4b87aebd40a203d7e78e2bec4f48075ee1b1e27af728d50483b5e2fde55b23f7825fcef9029085a6b2f4b738907222dc0d5ba9a8
SSDEEP: 3145728:y8UtABR8FkUNNC3cZ1IkZoY3ysYB4x6wAeVv+iH7bLY7v:FUyfsNNOlkxyTeV17vY7
Score: 10/10
Downloads MZ/PE file

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Drops startup file

Executes dropped EXE

Modifies system executable filetype association

Registers COM server for autorun

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.