Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    9228b749452ea70bbd0ad5c7bac258cf.exe

  • Size

    292KB

  • Sample

    231127-sqrhlshd52

  • MD5

    9228b749452ea70bbd0ad5c7bac258cf

  • SHA1

    3812403cfeaece0468c669577386e13b4336f707

  • SHA256

    c0a1c4b377daa251207cd51256ce1c5391b4f9226ccc7fe44117e067d3409aff

  • SHA512

    54f455e0a6c76062c516c874f1ac673f137d1a36688030d6e7017de1d5e9fc90f6967d2257a690e649ca66053e26cd20c9588137e7d89aaaedf3d4c5d3c40a92

  • SSDEEP

    3072:ltrNrqGRNZM2BS4wHlAIZEkcRZAWJS2y73gd7xLsxrOUbR:rrNrq8ZzS4wYRZg237xLsvR

Malware Config

Extracted

Family

stealc

C2

http://janmorath.icu

Attributes
  • url_path

    /40d570f44e84a454.php

rc4.plain

Targets

    • Target

      9228b749452ea70bbd0ad5c7bac258cf.exe

    • Size

      292KB

    • MD5

      9228b749452ea70bbd0ad5c7bac258cf

    • SHA1

      3812403cfeaece0468c669577386e13b4336f707

    • SHA256

      c0a1c4b377daa251207cd51256ce1c5391b4f9226ccc7fe44117e067d3409aff

    • SHA512

      54f455e0a6c76062c516c874f1ac673f137d1a36688030d6e7017de1d5e9fc90f6967d2257a690e649ca66053e26cd20c9588137e7d89aaaedf3d4c5d3c40a92

    • SSDEEP

      3072:ltrNrqGRNZM2BS4wHlAIZEkcRZAWJS2y73gd7xLsxrOUbR:rrNrq8ZzS4wYRZg237xLsvR

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks