Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b04bb88f116e333a5282fcc85205e822b4f3ddb4fb900ff6aab1199537905eea
-
Size
2.1MB
-
Sample
240315-lww7qafe86
-
MD5
01c262a96cd13227e66137a6faad5685
-
SHA1
8d6b4659bff6f56140485252e2ed7389ac1deb03
-
SHA256
b04bb88f116e333a5282fcc85205e822b4f3ddb4fb900ff6aab1199537905eea
-
SHA512
59c03ede3487ceac313fc799645da3713f2d22c447459c4d1c5c0445ed1696eae9ef47a986db59aec876cf7fa115ebfb2100957941bd199d5a6b71f67181aa18
-
SSDEEP
49152:LeJY4NCmD3elDJ0MeEkr+gcXYm3RBLCT/jR4bk+OGDGZdQWMDO4:yJYI2De2krHcXY0O/+x6Hp4
Malware Config
Extracted
stealc
http://185.172.128.145
-
url_path
/3cd2b41cbde8fc9c.php
Targets
-
-
Target
b04bb88f116e333a5282fcc85205e822b4f3ddb4fb900ff6aab1199537905eea
-
Size
2.1MB
-
MD5
01c262a96cd13227e66137a6faad5685
-
SHA1
8d6b4659bff6f56140485252e2ed7389ac1deb03
-
SHA256
b04bb88f116e333a5282fcc85205e822b4f3ddb4fb900ff6aab1199537905eea
-
SHA512
59c03ede3487ceac313fc799645da3713f2d22c447459c4d1c5c0445ed1696eae9ef47a986db59aec876cf7fa115ebfb2100957941bd199d5a6b71f67181aa18
-
SSDEEP
49152:LeJY4NCmD3elDJ0MeEkr+gcXYm3RBLCT/jR4bk+OGDGZdQWMDO4:yJYI2De2krHcXY0O/+x6Hp4
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
$PLUGINSDIR/INetC.dll
-
Size
21KB
-
MD5
2b342079303895c50af8040a91f30f71
-
SHA1
b11335e1cb8356d9c337cb89fe81d669a69de17e
-
SHA256
2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f
-
SHA512
550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47
-
SSDEEP
384:KOoVVefeWsI7rsIquPLNN546o0Ac9khYLMkIX0+Gzyekv:4VVaeE7wIqyJN5i
Score3/10 -
-
-
Target
$TEMP/BroomSetup.exe
-
Size
1.7MB
-
MD5
eee5ddcffbed16222cac0a1b4e2e466e
-
SHA1
28b40c88b8ea50b0782e2bcbb4cc0f411035f3d5
-
SHA256
2a40e5dccc7526c4982334941c90f95374460e2a816e84e724e98c4d52ae8c54
-
SHA512
8f88901f3ebd425818db09f268df19ccf8a755603f04e9481bcf02b112a84393f8a900ead77f8f971bfa33fd9fa5636b7494aaee864a0fb04e3273911a4216dc
-
SSDEEP
49152:YUnaQiKJ8N+AadA6mICFhNGffVCPi9NUko6jE:ZwKa+u6mICFSwPKDK
Score7/10-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
$TEMP/syncUpd.exe
-
Size
237KB
-
MD5
04bd95c49dbb7391d08d08e5717e8e3f
-
SHA1
daf5d5b340c8a2265709963ae23c89ee18e29720
-
SHA256
7aeafe5281075a0385c73e55edc9cac577968b623e33961975174af6ce8355fb
-
SHA512
13aa59ac47a8401f7913551eeacb097af596d5096122b1309b75bb04efa94018897895a47890b05b21b0ad8e078e7b172a132897e8dae6745ab8b3da7f611d05
-
SSDEEP
3072:5Tuy47ZIsY2azZFoN3jY15e7EfTmxt84Z1LbeMDpfM:5MF7a7q3jYTOGmfXiMd
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-