General

  • Target: 9452dff09397314ab6dc4c685e6c8f02.bin
  • Size: 197KB
  • Sample: 231007-chaxwsbb23
  • MD5: 1f9c8e6149f9dd8842301d08a7d4ffd0
  • SHA1: ffdd61d1a808d8bc2e1dadf14e644372a978b1f8
  • SHA256: fe9891d660a387e065802120c0c66e6c50ccf915af7d0b5df7588fd29fa6e8b9
  • SHA512: f70505be8f84befe4f07ad134f4fe418d7f34f52e3aa91490ce946b577f9345abe3daf59bccf9956104a12d9abfa157ce05a786b29c3dbb7eec97da2ae3edb8e
  • SSDEEP: 3072:7bBsCiuuawKWFyVEXu9HXDPjyHthAyb7LpktGqFQFkYaHkfu/D2Kxt4SFsed1+NV:7bBs7ZKu71b7LWAW+wHkmCm4SnOma4s

Malware Config

Extracted

Family

stealc

C2

http://aidandylan.top

Attributes
  • url_path: /3886d2276f6914c4.php
  • rc4.plain

Targets

    • Target: 3c384c9d8c7d64f86d8506f713191cd90b83ec734a19137ce86f13067bbc426c.exe
    • Size: 252KB
    • MD5: 9452dff09397314ab6dc4c685e6c8f02
    • SHA1: 3374e1886a0992cc147ae1d0005ee387b3840354
    • SHA256: 3c384c9d8c7d64f86d8506f713191cd90b83ec734a19137ce86f13067bbc426c
    • SHA512: f9cde18bba746fa189ba9a4f995707f802d934550606905dc54420cbaff66268db61b63c57a0891d63040d95eee663b424ae472721474ec15e541b66c7f97c19
    • SSDEEP: 3072:bwd998ZfNKx2bdV4VUVAMmoymL0qMA6wcyN7cQZzi0oeH5NrM0:C98KwbXV3moymJMGNtcQZz5vr

    • Stealc
      Stealc is an infostealer written in C++.
    • Downloads MZ/PE file
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Deletes itself
    • Executes dropped EXE
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks