General

  • Target

    481c134e037ef6f14fd93ce2195e25fc7ee64eef05b0aabef1a8da173571258e

  • Size

    412KB

  • Sample

    240418-2hqqsagg69

  • MD5

    19e93cdbbe05d789bc11c8f6c24357ab

  • SHA1

    d436779f72b2c17207668955b9cb64055650fd23

  • SHA256

    481c134e037ef6f14fd93ce2195e25fc7ee64eef05b0aabef1a8da173571258e

  • SHA512

    33f75ff405d8adc693cb154d86899cd59f83608a2cdd2b356308fc56395b70e1a2f48fa9c08d9daf59cb456f5a5b3f1a79b143dd8b0f4de4f84b1ea51165e342

  • SSDEEP

    6144:0GlYLHoDRsJI9IG2AUXj0b8fN1aj5OhsMXmhvDKX1XuEc1:0GlYzoUOWAm04fN1a4nXm+1eP1

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php
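
Turning the extracted config into a hunt, as an added example that is not part of the tria.ge report: the script below matches proxy-log URLs against the C2 host and url_path extracted above and checks a file's digests against the sample's MD5/SHA1/SHA256. The log excerpt and its "timestamp client method url status" format are constructed for illustration; the only values taken from the report are the indicators themselves.

```python
"""Hunt for the Stealc C2 and sample hashes extracted in the report.

Added example, not part of the tria.ge report. Only the C2 URL, url_path and
file digests come from the report; the log excerpt below is constructed.
"""
import hashlib
from urllib.parse import urlsplit

# Indicators copied from the report.
STEALC_C2 = "http://185.172.128.209"
STEALC_URL_PATH = "/3cd2b41cbde8fc9c.php"
SAMPLE_HASHES = {
    "md5": "19e93cdbbe05d789bc11c8f6c24357ab",
    "sha1": "d436779f72b2c17207668955b9cb64055650fd23",
    "sha256": "481c134e037ef6f14fd93ce2195e25fc7ee64eef05b0aabef1a8da173571258e",
}

# Constructed proxy log excerpt (hypothetical "timestamp client method url status"
# layout); not taken from the report or from any real environment.
SAMPLE_LOG = """\
2024-04-18T21:02:11Z 10.0.0.15 POST http://185.172.128.209/3cd2b41cbde8fc9c.php 200
2024-04-18T21:02:12Z 10.0.0.15 GET http://185.172.128.209:80/3cd2b41cbde8fc9c.php?x=1 200
2024-04-18T21:03:05Z 10.0.0.22 GET http://example.com/index.php 200
2024-04-18T21:04:40Z 10.0.0.15 GET https://185.172.128.209/other.php 404
"""


def classify_url(url):
    """Return "c2_panel" for host+path hits, "c2_host" for host-only hits, else None.

    Scheme, port and query string are ignored on purpose: the indicator is the
    host and the panel path, and an explicit :80 or a tacked-on ?x=1 must not
    hide a hit.
    """
    c2 = urlsplit(STEALC_C2)
    try:
        u = urlsplit(url)
        host = u.hostname
    except ValueError:
        return None  # unparsable URL, not a match
    if not host or host != c2.hostname:
        return None
    return "c2_panel" if u.path == STEALC_URL_PATH else "c2_host"


def hunt_proxy_log(text):
    """Scan log lines and return (timestamp, client, url, verdict) for C2 contacts."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed line; a production hunt would count these
        ts, client, _method, url, _status = parts
        verdict = classify_url(url)
        if verdict:
            hits.append((ts, client, url, verdict))
    return hits


def file_matches_sample(data):
    """Return the set of digest algorithms for which data matches the report.

    Checking all three guards against a single truncated or mistyped hash;
    an empty set means the bytes are not this sample.
    """
    return {
        algo
        for algo, expected in SAMPLE_HASHES.items()
        if hashlib.new(algo, data).hexdigest() == expected
    }


if __name__ == "__main__":
    for hit in hunt_proxy_log(SAMPLE_LOG):
        print(*hit)
    # To check a quarantined file: file_matches_sample(open(path, "rb").read())
    print(file_matches_sample(b"constructed bytes, not the real sample"))
```

Treat a "c2_host" verdict as lower confidence than "c2_panel": the path is specific to this Stealc panel, while the address alone may be reused or re-assigned after the sandbox run.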

Targets

    • Target

      481c134e037ef6f14fd93ce2195e25fc7ee64eef05b0aabef1a8da173571258e

    • Detect ZGRat V1

    • Detects Arechclient2 RAT

      Arechclient2 is another name for SectopRAT.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks