General

  • Target

    59ce4a41d5f4ba63019d17d4c0b1dd86edf3474964a02ba880fb9f6b282eee25

  • Size

    200KB

  • Sample

    231114-mhv8yabe3x

  • MD5

    1905872741b259eeb93921f7c2a77406

  • SHA1

    9cbe4954e82beaf8975e80f0279c9920e21ed67b

  • SHA256

    59ce4a41d5f4ba63019d17d4c0b1dd86edf3474964a02ba880fb9f6b282eee25

  • SHA512

    189dd959c9b4a1adf4a3b814df40fc04727ea11ca6221461193500971313ced3cc40020d6b80aaa417fafb98bbd68d0659ded85e0269390aa48aaf9d116baef9

  • SSDEEP

    3072:n1WLR78i+aQkICMOvTHRDdWWBQA5h5gKvVqR8MRaYvpU9K:ng+nBCMc7RDoWZ5fgF9E3

Malware Config

Extracted

Family

stealc

C2

http://bernardofata.icu

Attributes

  • url_path

    /40d570f44e84a454.php

  • rc4.plain

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks