General

  • Target

    89e4b73817aa05f9f99ec762a1c622021a7bbf20dc854dc3988bd3a06f22437f

  • Size

    262KB

  • Sample

    231016-frdxpadh49

  • MD5

    164c9c81271b7c25d900b74e6eef8038

  • SHA1

    7ef43c27a32faae23f47f8c93c44ed065a558476

  • SHA256

    89e4b73817aa05f9f99ec762a1c622021a7bbf20dc854dc3988bd3a06f22437f

  • SHA512

    4c4f925aed36d0b4f09165c19744ec24feee78487af05615ec4615d900c83c0176c80abdf52a2e4771ab91ce201d00cb0db62811c870609cac5ea8f1ec243852

  • SSDEEP

    3072:fBNXO1mXe60TK2z9zmbBuV56Uclyp8Z/IuR9pwpbH2UN+SIZRnpCkXi:ZhX90e2z9zmbgVMWI/IuR9uJH/oSQlp

Malware Config

Extracted

Family

stealc

C2

http://aidandylan.top

Attributes

  • url_path

    /3886d2276f6914c4.php

rc4.plain

Targets

    • Target

      89e4b73817aa05f9f99ec762a1c622021a7bbf20dc854dc3988bd3a06f22437f

    • Size

      262KB

    • MD5

      164c9c81271b7c25d900b74e6eef8038

    • SHA1

      7ef43c27a32faae23f47f8c93c44ed065a558476

    • SHA256

      89e4b73817aa05f9f99ec762a1c622021a7bbf20dc854dc3988bd3a06f22437f

    • SHA512

      4c4f925aed36d0b4f09165c19744ec24feee78487af05615ec4615d900c83c0176c80abdf52a2e4771ab91ce201d00cb0db62811c870609cac5ea8f1ec243852

    • SSDEEP

      3072:fBNXO1mXe60TK2z9zmbBuV56Uclyp8Z/IuR9pwpbH2UN+SIZRnpCkXi:ZhX90e2z9zmbgVMWI/IuR9uJH/oSQlp

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
