General

  • Target

    3d4375cde08e03e77fe51fbca04d0cc4ce29fd7d0a71174473fb2225ba204d43

  • Size

    396KB

  • Sample

    240425-19l18sfh5v

  • MD5

    bf4f63cbcc06bf2ae575ea3778e023c1

  • SHA1

    ba9a6a28bfa25886b389afb4dc0e57a1d48eeeb8

  • SHA256

    3d4375cde08e03e77fe51fbca04d0cc4ce29fd7d0a71174473fb2225ba204d43

  • SHA512

    992e3a0680da57fb60060628d56ca974a552a6e266864fad690108c38bbcdf94a6611b008fa2f0568cc0aa7f7a780ab57fb47288209206ecd8ac3158dca2f3b7

  • SSDEEP

    6144:4bUya3+rSZfUNPi77LXMIoTKsmQ3ol2nb14ov0d:sUyaySdnLXvoTmWol4b1j4

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.111

Attributes

  • url_path

    /f993692117a3fda2.php

Targets

    • Detects Arechclient2 RAT

      Arechclient2.

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
