General
- Target: db8191f04672070a996fec1c22e33a935a507142a44e2810499849f204fa53c9.exe
- Size: 173KB
- Sample: 240221-eq7b6sbc5s
- MD5: 883376e243dd3350cfce85a2ff84e0bc
- SHA1: 4a6268392c2ce729021b17c62b012bb55549f2c7
- SHA256: db8191f04672070a996fec1c22e33a935a507142a44e2810499849f204fa53c9
- SHA512: 8e5cb2f12e19dbfbd26645cd4e77ce3fccb07cb51c94544bb31a6f603587ff56d86f10acd4b3288f14b0a45a75451e95891cba63dd52def325b34a49c7326da4
- SSDEEP: 3072:0s7OPA6cUpRRyTWbk6psDOiuy8VMr1/gmmDrAKchAo:0siPAREbw6pUuyH4DsKY
Static task: static1
Behavioral task: behavioral1
- Sample: db8191f04672070a996fec1c22e33a935a507142a44e2810499849f204fa53c9.exe
- Resource: win7-20231215-en
Malware Config
Extracted: stealc
- C2: http://185.172.128.145
- url_path: /3cd2b41cbde8fc9c.php
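The extracted Stealc configuration above is the part of the report most directly usable for detection: the C2 host and the gate path are the two values the sample contacts. The following is an added example, not part of the tria.ge report, showing how to turn those two values into a proxy-log check. The log format and the log lines are constructed for illustration (the field layout, the source IPs and the second host `10.9.8.7` are assumptions); only the C2 host and `url_path` come from the page.

```python
import re
from urllib.parse import urlsplit

# Values taken from the extracted Stealc config in this report.
STEALC_C2_HOST = "185.172.128.145"
STEALC_URL_PATH = "/3cd2b41cbde8fc9c.php"

# Constructed proxy log for illustration (not from the report).
# Layout assumed: timestamp, source IP, method, URL, status, bytes.
SAMPLE_PROXY_LOG = """\
2024-02-21T05:03:11Z 10.0.0.14 POST http://185.172.128.145/3cd2b41cbde8fc9c.php 200 1422
2024-02-21T05:03:12Z 10.0.0.14 GET http://185.172.128.145/files/update.exe 200 81920
2024-02-21T05:04:40Z 10.0.0.22 GET http://example.org/index.php 200 512
2024-02-21T05:05:01Z 10.0.0.31 POST http://10.9.8.7/3cd2b41cbde8fc9c.php 200 1300
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<bytes>\d+)$"
)


def classify(url: str):
    """Return a verdict label for a URL, or None if it does not match the config.

    Host and path are checked separately: the gate path is distinctive enough
    that a hit on a different host still deserves attention (panel moved or
    a second instance of the same kit), while a hit on the host alone covers
    payload fetches from the same server.
    """
    parts = urlsplit(url)
    host_hit = parts.hostname == STEALC_C2_HOST   # hostname strips any :port
    path_hit = parts.path == STEALC_URL_PATH
    if host_hit and path_hit:
        return "stealc-c2-gate"
    if host_hit:
        return "stealc-c2-host"
    if path_hit:
        return "stealc-gate-path"
    return None


def scan_proxy_log(text: str):
    """Yield (source IP, URL, verdict) for every log line matching the config."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; a real pipeline would count these
        verdict = classify(m["url"])
        if verdict:
            hits.append((m["src"], m["url"], verdict))
    return hits


def affected_hosts(text: str):
    """Distinct internal sources that touched the C2 in any way."""
    return sorted({src for src, _, _ in scan_proxy_log(text)})


if __name__ == "__main__":
    for src, url, verdict in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{verdict:18} {src:10} {url}")
    print("affected:", affected_hosts(SAMPLE_PROXY_LOG))
```

Matching on the path as well as the host is deliberate: the IP is the cheapest indicator for the operator to rotate, whereas the gate filename is baked into the build and tends to survive across C2 moves.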
Targets
- Target: db8191f04672070a996fec1c22e33a935a507142a44e2810499849f204fa53c9.exe (size and hashes as listed under General)
Signatures
- Detects binaries embedding a considerable number of MFA browser extension IDs.
- Detects binaries embedding a considerable number of cryptocurrency wallet browser extension IDs.
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.