General

  • Target

    999efe8a7d32764901ed04b7cff249e07ad85ec3e7237e4578f11e9b29de4326.zip

  • Size

    165KB

  • Sample

    231119-2cl6eadb2v

  • MD5

    4549fe0e9daa45e32a6de98a29a7a3d5

  • SHA1

    d71cf46f5db0840348060230f6a7d05a4b3405d8

  • SHA256

    1d75ca233d4e18a1edf62be0503472a767b6b931aed903fb08ff8003c3e7dee9

  • SHA512

    cc067a146245f299518765552fa67b01e87a6c03890f47c1ef057e6ab63d29ab4454771f4b348c6631692aca12dc71e7161d05826d98fde4b57d300a36997fad

  • SSDEEP

    3072:zYvnnkIJx+vyeLfkO6gueW2lNAoYwFIFp+ibAhkvYTn4hp8tvDOV3DAe:2bxbQsU/AozyF4i0mYTn4hMq3D

Malware Config

Extracted

  • Family

    stealc

  • C2

    http://giuliotoro.icu

  • Attributes

      • url_path

        /40d570f44e84a454.php

      • rc4.plain

Targets

    • Target

      999efe8a7d32764901ed04b7cff249e07ad85ec3e7237e4578f11e9b29de4326.exe

    • Size

      254KB

    • MD5

      ef45b1ac26f3fb7cac0cf85c568bb881

    • SHA1

      09826670fa495347aec5ba11ca5cf04be417019e

    • SHA256

      999efe8a7d32764901ed04b7cff249e07ad85ec3e7237e4578f11e9b29de4326

    • SHA512

      cfd15c626aece1568311213fcc059ee24e0249f4e343a79b68f1f7b005eeb175b7b1f411b71017b564d3a9f912f9282c81e77be12f62d90d8bdacd4ffc8c826f

    • SSDEEP

      3072:K9xGvZKt0iEfvg6FVs94VIg9EGbJh5j3hKrjRTRS926tyIi/p/4CY/:644tAfvFFi9Tg95hty6926IIiG

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks