General

  • Target

    syncUpd.exe

  • Size

    314KB

  • Sample

    240107-x5rt5sdch3

  • MD5

    7d03e5cd75616615792ff5da7f630d43

  • SHA1

    20dbe01340369c1e10fabf28c898c6f9fff1ae34

  • SHA256

    b0810d72555442341dd38d894b2551d1823613bcb747e19ce511da4d5fde3903

  • SHA512

    d942769fc2ed3e4a1f6b170a538e8695471857c3c2148ed6c16ed9b148ce962119320e61744e82993c7f73e690828a0022b251ec5ac8d86253f1aeb2d0e43a01

  • SSDEEP

    6144:TARL0o0AGim9r1FTMOI8qdDPhfTgYn79oUq:TARX0AGisfQOIfDln7a

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.79

Attributes

  • url_path

    /3886d2276f6914c4.php

  • rc4.plain

Targets

  • Stealc

    Stealc is an infostealer written in C++.

  • Downloads MZ/PE file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software installed on the system.