General

  • Target: 95cc300618cf5a0abb4b36427d838ee00bc37e515bf527ecf24725d70610c993.zip
  • Size: 160KB
  • Sample: 231119-z39naace3w
  • MD5: 3a5a0cd30c56927a68e5a8f502508a83
  • SHA1: d0a31fa867fc7d09bc383060e6b991ce89b2a12e
  • SHA256: a09d7644a2b61731b0669ddde1793dfbb76f7b1b738f5d5d7684e1b53c675b5a
  • SHA512: 80ea69d9c6c7087f8d13751909afdefc70d43d7cea3743db0863c777e0622e730813428f4f7182dfbcd59fe444e3700349475cc294b62aaa08881331c00cdb9b
  • SSDEEP: 3072:mFHS3OaFGhW3ft0IfivKffu875UJqR9Zj/GeBx5EK9ctigq8V5fWO+nj1UMy:2H+OaMWF0/eui5UJqLN/fj5/OpWOFf

Malware Config

Extracted

  • Family: stealc
  • C2: http://bernardofata.icu
  • Attributes
      • url_path: /40d570f44e84a454.php
      • rc4.plain

Targets

    • Target: 95cc300618cf5a0abb4b36427d838ee00bc37e515bf527ecf24725d70610c993.exe
    • Size: 247KB
    • MD5: 2a3773e1dccb10a11d39139b2a3c4700
    • SHA1: 6d19664ed14bc2f1a8d06948c02105c489cc6b96
    • SHA256: 95cc300618cf5a0abb4b36427d838ee00bc37e515bf527ecf24725d70610c993
    • SHA512: 67a90564bdf119beb271e2b008b6a5e278b7cd253ed03626422fcecc5af41a40b40bbafc42f22fb7fc9133978033d31a581c980deaf8e96ee9d94bcc6591cea9
    • SSDEEP: 3072:B4VQxA8+X0F7Rq0iu2yUnF64XBqf0wKxF0EhMOR8F89pUpx/p4KCl:yyqzX0F9nZgF64XBk0wK7eF898x5

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v15

Tasks