
General

  • Target

    b663d60bac4cf5c09fd1399aa29f38e3.bin

  • Size

    45KB

  • Sample

    231107-dlm73aca84

  • MD5

    05c417576948baaaf8927d30afa17e5d

  • SHA1

    a82c51d866514d8cd885a5d917d5023d08e4a831

  • SHA256

    1817ba3bb9c03905be9ce0a5e7e560ece00416dc457fe9dc51f6be3db86e997f

  • SHA512

    acd8b52a3ad852ba486b1612dafef0342036b0fbcde03fdbbbdb560fdbd7b1e5b9874f24f269811f3fb028dc8c856b196bea6ce383e433d1e47af48679405010

  • SSDEEP

    768:Y5rEDqucF7D+ot0RYgiPDWnPm+ApPAitihAllco10hcJMu4GSr0d0pzUYbVKtEah:4EjaXltuYgiPcPmZ13gWMeFdYUYRvaWE

Malware Config

Extracted

Family

stealc

C2

http://jaimemcgee.top

Attributes

  • url_path

    /40d570f44e84a454.php

  • rc4.plain
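The extracted config above (C2 host plus the url_path the sample posts to) and the hashes listed under General and Targets are directly usable as indicators. The following Python is an added example, not part of the Triage report: it turns those indicators into a small sweep that flags proxy log lines whose host is the C2 domain, distinguishes hits on the exact gate path from other traffic to that host, and matches observed file hashes against the report's MD5/SHA1/SHA256 values. The proxy log format and the log lines are constructed for the example; only the indicators themselves come from this page.

```python
"""IOC sweep built from the Stealc config and hashes on this report page (added example)."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Indicators copied from the report.
C2 = "http://jaimemcgee.top"
URL_PATH = "/40d570f44e84a454.php"

HASH_IOCS = {
    # submitted file b663d60bac4cf5c09fd1399aa29f38e3.bin (General section)
    "05c417576948baaaf8927d30afa17e5d": "bin:md5",
    "a82c51d866514d8cd885a5d917d5023d08e4a831": "bin:sha1",
    "1817ba3bb9c03905be9ce0a5e7e560ece00416dc457fe9dc51f6be3db86e997f": "bin:sha256",
    # analysed target 98e47c...e20b35.exe (Targets section)
    "b663d60bac4cf5c09fd1399aa29f38e3": "exe:md5",
    "dbf52a4f440ce4d8236b7dad5dd9802a5bb84644": "exe:sha1",
    "98e47c023430666672d18ddc47b21e511214a607d8a86586e01e2d33bbe20b35": "exe:sha256",
}

# Constructed proxy log, hypothetical format: "<ts> <client> <method> <url> <status>".
SAMPLE_LOG = """\
2023-11-07T12:00:01Z 10.0.0.5 GET http://update.example.net/check 200
2023-11-07T12:00:04Z 10.0.0.5 POST http://jaimemcgee.top/40d570f44e84a454.php 200
2023-11-07T12:00:05Z 10.0.0.7 GET http://jaimemcgee.top/ 404
2023-11-07T12:00:09Z 10.0.0.5 GET http://JAIMEMCGEE.TOP/40d570f44e84a454.php 200
2023-11-07T12:01:00Z 10.0.0.9 GET http://example.com/40d570f44e84a454.php 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


@dataclass
class Hit:
    ts: str
    client: str
    method: str
    url: str
    reason: str  # "c2-gate" (host and path match) or "c2-host" (host only)


def c2_host() -> str:
    """Hostname part of the configured C2, lower-cased for comparison."""
    return (urlsplit(C2).hostname or "").lower()


def classify_url(url: str):
    """Return the match reason for a URL, or None if it is not C2 traffic.

    The host must match; the path alone is deliberately not enough, because the
    gate file name is a generic-looking .php name that other sites may also use.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()  # hostnames are case-insensitive
    if host != c2_host():
        return None
    if parts.path == URL_PATH:
        return "c2-gate"
    return "c2-host"


def sweep_log(text: str) -> list:
    """Parse the constructed proxy log format and return all C2 hits in order."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        ts, client, method, url, _status = m.groups()
        reason = classify_url(url)
        if reason is not None:
            hits.append(Hit(ts, client, method, url, reason))
    return hits


def match_hashes(observed) -> dict:
    """Map each observed hash (any of MD5/SHA1/SHA256) to its report label."""
    return {h.lower(): HASH_IOCS[h.lower()] for h in observed if h.lower() in HASH_IOCS}


if __name__ == "__main__":
    for hit in sweep_log(SAMPLE_LOG):
        print(f"{hit.ts} {hit.client} {hit.method} {hit.url} [{hit.reason}]")
    print(match_hashes(["98E47C023430666672D18DDC47B21E511214A607D8A86586E01E2D33BBE20B35"]))
```

The two match classes matter in triage: a request to the exact gate path is the strongest signal, while other traffic to the host still warrants a look. The example.com line with the same path is deliberately left unflagged, since a bare path match would produce false positives.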

Targets

    • Target

      98e47c023430666672d18ddc47b21e511214a607d8a86586e01e2d33bbe20b35.exe

    • Size

      101KB

    • MD5

      b663d60bac4cf5c09fd1399aa29f38e3

    • SHA1

      dbf52a4f440ce4d8236b7dad5dd9802a5bb84644

    • SHA256

      98e47c023430666672d18ddc47b21e511214a607d8a86586e01e2d33bbe20b35

    • SHA512

      0c8bceb23f8dba0f94713f7cf5dab0795e9c3c39aeb2ec7a3ce13641999b2aa2b33bec2647400f75213d61d5600a3d5a867d01c5fe075d68d18aafa649530f07

    • SSDEEP

      1536:yV/6ogcasplKQJa1HmAlfR9Rwk/Tr2GreyjS0Pz+Tcgr6SzI41jfwsLkWTeTNuS:U/vgwFJ0mi2kWGreC41jBFeZu

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved logins, cookies and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
