General

  • Target

    SecuriteInfo.com.Python.CrealStealer.4.28055.30099.exe

  • Size

    14.4MB

  • Sample

    240120-1ggk2shdh3

  • MD5

    1e68e1e04a5e94d7a17f686a488051ff

  • SHA1

    09122f9525a957faf0d96c81ab95bb4def243c64

  • SHA256

    32ed36fb1c3f23fbb5c9c3ca61ae089558cd85e5dec4777359c1a6ee6eb2b82e

  • SHA512

    690415cefe821465600c3539b843b443c064b00c235ff27d8f4d80d03456d8de1b32f38fc2f4f36eba6eea938e71d6a78a74e2113486f5d857bf87c5bb2a370d

  • SSDEEP

    393216:au7L/sQboidQuslSq99oWOv+9fgSMA+NT7:aCL0QbjdQuSDorvSYS6d

Malware Config

Targets

    • Target

      SecuriteInfo.com.Python.CrealStealer.4.28055.30099.exe

    Score: 7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks