General

  • Target: Edge Stealer 4.0.rar
  • Size: 147.3MB
  • Sample: 230712-cfrsmacf6x
  • MD5: 59cdd089cea4e3ed30b008a5db1c1188
  • SHA1: 8f1fa4b385dd93cb822973fdd09d6e84fcf24617
  • SHA256: 971ecbbd16b4202bdab0abd676cefdd9f983b6d600f06c17479b444f01b97253
  • SHA512: c9f711e45546ea9c8c93e5182b2c3302feb07ec2b968c7cdc8a6d7672f5804b72fc59aee1ecc2a7b1729b8de9cab91fc157584ae72e51ff3dc413435b31a7a10
  • SSDEEP: 3145728:18UtABR8FkUNNC3cZ1IkZoY3ysYB4x6wAeVv+iH7bLY7Pj:uUyfsNNOlkxyTeV17vYrj

Score: 10/10

Malware Config

Extracted

Credentials

  • Protocol: ftp
  • Host: 213.142.151.196
  • Port: 21
  • Username: admin_edge
  • Password: Black900...

Targets

    • Target: Edge Stealer 4.0/Edge Stealer 4.0.sfx.exe
    • Size: 143.1MB
    • MD5: 1407c120c9886106007bdf73e03e4c88
    • SHA1: d11e1050b5d495174006e054df7f059799fd520b
    • SHA256: 9e499b8665959e8df1eea5ce5e835895b8193b75ed2a04cce7a3639216cb74db
    • SHA512: c91ec5c3cd5f2c7083d6120c4b87aebd40a203d7e78e2bec4f48075ee1b1e27af728d50483b5e2fde55b23f7825fcef9029085a6b2f4b738907222dc0d5ba9a8
    • SSDEEP: 3145728:y8UtABR8FkUNNC3cZ1IkZoY3ysYB4x6wAeVv+iH7bLY7v:FUyfsNNOlkxyTeV17vY7

    Score: 10/10

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Modifies system executable filetype association

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.