
General

  • Target: 919bd7c5bd519ea81d757569fb0a340042d7b7071b9e4a2a2bb63c14a2beb171
  • Size: 205KB
  • Sample: 240105-y1mkashggm
  • MD5: 58f22f4769e590f572304d26eaa637b0
  • SHA1: fdfa6b1c9aa2ac4890bf0fb38f55e8471eb08ea6
  • SHA256: 919bd7c5bd519ea81d757569fb0a340042d7b7071b9e4a2a2bb63c14a2beb171
  • SHA512: 96987f86087a002b141e0eb42764e320553e10c3833a0af252ab5f71567b88d0eb957dbc3254c3ac99d9887a114ce7ef90857ca646c24f041eecf373b7233a53
  • SSDEEP: 3072:BnsLgAjV2MaqD2Yp/cdDoWEMRsleoEBgOlErQ34Kx78dSfL:BsL32+pkIleoEBbErQoD

Malware Config

Extracted

  • Family: stealc
  • C2: http://185.172.128.79
  • Attributes
      • url_path: /3886d2276f6914c4.php
      • rc4.plain
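As an added hunting example (not part of the tria.ge report and not Stealc's own code), the script below checks a file's bytes against the hashes listed above and scans Squid-style proxy log lines for requests to the extracted C2 host and url_path, rating a host-plus-path hit as strong and a host-only hit as weaker. The Squid log lines, the byte strings used in place of files, and the function names are constructed for this example; only the hash values, the C2 host and the url_path come from the report.

```python
"""Hunt for the Stealc indicators listed in this report.

Added example; it is not tria.ge output or Stealc code. The hash values,
C2 host and url_path come from the report above. The Squid-style proxy
log lines and the byte strings used as stand-ins for files are constructed
for illustration, and the function names are our own.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "58f22f4769e590f572304d26eaa637b0",
    "sha1": "fdfa6b1c9aa2ac4890bf0fb38f55e8471eb08ea6",
    "sha256": "919bd7c5bd519ea81d757569fb0a340042d7b7071b9e4a2a2bb63c14a2beb171",
}
C2_HOST = "185.172.128.79"
C2_PATH = "/3886d2276f6914c4.php"

# Constructed Squid access.log lines (not from the report). Field order:
# time elapsed src code/status bytes method url rfc931 hierarchy/peer type
SAMPLE_LOG = """\
1704448800.123    312 10.0.0.15 TCP_MISS/200 1842 POST http://185.172.128.79/3886d2276f6914c4.php - HIER_DIRECT/185.172.128.79 text/html
1704448801.456     45 10.0.0.22 TCP_MISS/200 5120 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1704448802.789    220 10.0.0.15 TCP_MISS/200 900 GET http://185.172.128.79/other.php - HIER_DIRECT/185.172.128.79 text/html
1704448803.001    100 10.0.0.31 TCP_MISS/200 300 POST http://185.172.128.79:80/3886d2276f6914c4.php - HIER_DIRECT/185.172.128.79 text/html
"""

SQUID_RE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<src>\S+)\s+\S+/\d+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def file_hashes(data: bytes) -> dict:
    """Digest a file's bytes with the algorithms the report lists."""
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def matching_hashes(data: bytes) -> set:
    """Return the names of the report hashes that the bytes match.

    SHA256 is the one to trust; an MD5-only or SHA1-only hit with a
    different SHA256 points at a collision or a typo in the IOC list.
    """
    computed = file_hashes(data)
    return {name for name, value in IOC_HASHES.items() if computed[name] == value}


def classify_request(url: str) -> str:
    """Rate a proxied URL against the extracted C2 configuration.

    Host plus url_path is the strong signal. The host alone is a weaker
    signal that still merits review. urlsplit().hostname strips any
    explicit port, so http://185.172.128.79:80/... still matches.
    """
    parts = urlsplit(url)
    if parts.hostname != C2_HOST:
        return "clean"
    return "c2-match" if parts.path == C2_PATH else "host-only"


def scan_proxy_log(lines) -> list:
    """Return (src, method, url, verdict) for every non-clean request."""
    hits = []
    for line in lines:
        m = SQUID_RE.match(line)
        if not m:
            continue  # not a Squid access line; skip rather than crash
        verdict = classify_request(m["url"])
        if verdict != "clean":
            hits.append((m["src"], m["method"], m["url"], verdict))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG.splitlines()):
        print(*hit)
```

Feed real files to `matching_hashes()` by reading them in binary mode, and point `scan_proxy_log()` at an access.log opened as text; anything that is not a Squid access line is skipped instead of raising.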

Targets

    • Target: 919bd7c5bd519ea81d757569fb0a340042d7b7071b9e4a2a2bb63c14a2beb171
    • Size: 205KB
    • Hashes: same MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above.

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla, which store saved server logins.

    • Reads user/profile data of web browsers

      Infostealers target the browser's stored profile data, which can include saved credentials, cookies and autofill form data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates the registry Uninstall keys (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to list the software installed on the system.
