General

  • Target

    015da94a48702bde0297911a4872469d9f4851d5067acf3fbbd412cbe82377ef

  • Size

    128KB

  • Sample

    231212-gmnf1ahcc4

  • MD5

    a2b7fada2679821495ce60a0042a2ffe

  • SHA1

    ffe162e52d3aaac8020377b136b58cc9aa49f2c3

  • SHA256

    72b722343b6634a16e3addf6877a7d4d4bb19b646b16b4eb7beb13fecf17f22a

  • SHA512

    9fa89d123169ec3c19dae5cc5c551470b61da0b278688150357efa58d8a72e4167186310e98552d2537a34989daecc289c6463acae01ebe58fbe31f41e12eb09

  • SSDEEP

    3072:bqoL0aCTIZL3NbQVpbkUvtgDtvAgaGjxxkpzeJbwFHhq:bqoeTySjbODJAgTjxupIbwFBq

Malware Config

Extracted

Family

stealc

C2

http://77.91.76.36

Attributes
  • url_path

    /3886d2276f6914c4.php

rc4.plain

Targets

    • Target

      015da94a48702bde0297911a4872469d9f4851d5067acf3fbbd412cbe82377ef

    • Size

      190KB

    • MD5

      c3cda4284fab6d48c2781c7e78dded15

    • SHA1

      e0e6d1711ba8afcd402f232214a76bf3f9efa7ef

    • SHA256

      015da94a48702bde0297911a4872469d9f4851d5067acf3fbbd412cbe82377ef

    • SHA512

      9a188c5573f9fffcf3f487a40822f857ff0db995ecba5ad4b77ddc88b5964e89c58bc864d7960f77e218a6a159caaeda8d35bdda9712e9d3b2805ca04fb33a53

    • SSDEEP

      3072:IJW9jLf7NyT1TAT2l3NUvtgDtvA2aGjxxkpzeJsV5kZ6q:l9jLzNyT1i43WODJA2TjxupIR

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs such as FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar items.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks