General

  • Target

    dc6c4b3a9db140cefda4564e0c8adda4.exe

  • Size

    240KB

  • Sample

    231112-thxv4agg3t

  • MD5

    dc6c4b3a9db140cefda4564e0c8adda4

  • SHA1

    1e6476dd04e9652f9865e983a2b905cc3f8e34e5

  • SHA256

    78380c9b3b9036cb8d3fdbacd2438971115405bcb828bb9812e4abb488408590

  • SHA512

    ff719f7e50b878a0f0903afa67ff365f8972e7ba69b75583f609dedff8c166b437af601e0e304dd2623f55076513c64d2a400a4fe9d598ef63d021921d5fc7eb

  • SSDEEP

    3072:tiyf4PLToR3Py+dWiWiZOegeEsSldc1aOm4DSRP4X4wZ7+c:tbwPLTmPy+dWicvsSQ1a5b4X4wN

Malware Config

Extracted

Family

stealc

C2

http://bernardofata.icu

Attributes

  • url_path

    /40d570f44e84a454.php

rc4.plain

Targets

    • Target

      dc6c4b3a9db140cefda4564e0c8adda4.exe

    • Size

      240KB

    • MD5

      dc6c4b3a9db140cefda4564e0c8adda4

    • SHA1

      1e6476dd04e9652f9865e983a2b905cc3f8e34e5

    • SHA256

      78380c9b3b9036cb8d3fdbacd2438971115405bcb828bb9812e4abb488408590

    • SHA512

      ff719f7e50b878a0f0903afa67ff365f8972e7ba69b75583f609dedff8c166b437af601e0e304dd2623f55076513c64d2a400a4fe9d598ef63d021921d5fc7eb

    • SSDEEP

      3072:tiyf4PLToR3Py+dWiWiZOegeEsSldc1aOm4DSRP4X4wZ7+c:tbwPLTmPy+dWicvsSQ1a5b4X4wN

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks