Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    115393eb7b846c483657c26ba51379d0c274b4733cd60f3d28ed36e2a56e090a

  • Size

    189KB

  • Sample

    231211-th3fkschd9

  • MD5

    883e90d72d2b65a3856d39df340ffa48

  • SHA1

    7272c62e0ebd9443c6883361d60de46e7291cdaa

  • SHA256

    115393eb7b846c483657c26ba51379d0c274b4733cd60f3d28ed36e2a56e090a

  • SHA512

    f23424b2c1dd9b28c3be20e0599cea3af50ee507e03447dc5a8cba27766742ba7145708e529b9a1f024b90f826aa7e67473cd3638f708dfb419425661fb3b0f9

  • SSDEEP

    3072:DlRlzL3XhCCUOgECDnQeJD0pTGSmFEVhak4ax60/Z5eRq:nlzLHhgOgERewiCPakxx60a

Malware Config

Extracted

Family

stealc

C2

http://77.91.76.36

Attributes
  • url_path

    /3886d2276f6914c4.php

rc4.plain

Targets

    • Target

      115393eb7b846c483657c26ba51379d0c274b4733cd60f3d28ed36e2a56e090a

    • Size

      189KB

    • MD5

      883e90d72d2b65a3856d39df340ffa48

    • SHA1

      7272c62e0ebd9443c6883361d60de46e7291cdaa

    • SHA256

      115393eb7b846c483657c26ba51379d0c274b4733cd60f3d28ed36e2a56e090a

    • SHA512

      f23424b2c1dd9b28c3be20e0599cea3af50ee507e03447dc5a8cba27766742ba7145708e529b9a1f024b90f826aa7e67473cd3638f708dfb419425661fb3b0f9

    • SSDEEP

      3072:DlRlzL3XhCCUOgECDnQeJD0pTGSmFEVhak4ax60/Z5eRq:nlzLHhgOgERewiCPakxx60a

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks