Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    file

  • Size

    3.0MB

  • Sample

    240312-y9gemscd95

  • MD5

    88d8a1aa36d48e28d506abe4fa3e7322

  • SHA1

    03385cdb977d1e7effbe5f9c1712b723778d3ea7

  • SHA256

    0d124edbaa3ae482812d236f4ed05b094085949a794d69b0bebc679b4a011720

  • SHA512

    3674f482ef11b359f0969476b0b3ca017689a8ba39b91bf99b8751d5f8cc5e8a1077a81cff9cdb268746f39000ab5976f3adb1166f9b34f9c32c3ffdc1a06491

  • SSDEEP

    12288:XNzcTCPYV/oVQ+mJkP5isjJyhKxE5n9g8FYE2gXqi:XNzcTUYV3J25iDl9VYE2Mqi

Malware Config

Extracted

Family

stealc

C2

http://94.156.8.100

Attributes
  • url_path

    /5dce321003e6a6b5.php

Targets

    • Target

      file

    • Size

      3.0MB

    • MD5

      88d8a1aa36d48e28d506abe4fa3e7322

    • SHA1

      03385cdb977d1e7effbe5f9c1712b723778d3ea7

    • SHA256

      0d124edbaa3ae482812d236f4ed05b094085949a794d69b0bebc679b4a011720

    • SHA512

      3674f482ef11b359f0969476b0b3ca017689a8ba39b91bf99b8751d5f8cc5e8a1077a81cff9cdb268746f39000ab5976f3adb1166f9b34f9c32c3ffdc1a06491

    • SSDEEP

      12288:XNzcTCPYV/oVQ+mJkP5isjJyhKxE5n9g8FYE2gXqi:XNzcTUYV3J25iDl9VYE2Mqi

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks