General

  • Target: file
  • Size: 252KB
  • Sample: 231124-jt68ssgf79
  • MD5: 52e47f5a70cad4a24a69540a25be2f7a
  • SHA1: f226145a25a96b4e5232184e8dee0e6822211247
  • SHA256: 1c922d5d98f3333762eeea86319db57bef6ccf320f48b05b59166bc1451eb86c
  • SHA512: a0177e6583be626a7b4fa98df8e078855a3f16efe5964e6dc85292ffe46239b7d61db06ffac2132e7f9582532caed2813e0d46ec2b75bf1fcce86ecbd3fead14
  • SSDEEP: 3072:HgSzZ0aSx9VwONzC+eBhTCciw7uuq9/MpCOsjX/8C5Ru5sFsAk:5VXeVFerCY6R0gpysFL

Malware Config

Extracted

  • Family: stealc
  • C2: http://danielhamerling.icu
  • Attributes
      • url_path: /40d570f44e84a454.php
      • rc4.plain

Targets

    • Target: file
    • Size: 252KB
    • MD5: 52e47f5a70cad4a24a69540a25be2f7a
    • SHA1: f226145a25a96b4e5232184e8dee0e6822211247
    • SHA256: 1c922d5d98f3333762eeea86319db57bef6ccf320f48b05b59166bc1451eb86c
    • SHA512: a0177e6583be626a7b4fa98df8e078855a3f16efe5964e6dc85292ffe46239b7d61db06ffac2132e7f9582532caed2813e0d46ec2b75bf1fcce86ecbd3fead14
    • SSDEEP: 3072:HgSzZ0aSx9VwONzC+eBhTCciw7uuq9/MpCOsjX/8C5Ru5sFsAk:5VXeVFerCY6R0gpysFL

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive account information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
