General

  • Target

    5b5172f2d9e29bf1fb37c41a7dedc2d8f837776d5883cd46536d34e914fff228

  • Size

    213KB

  • Sample

    240430-abjv4sec87

  • MD5

    5f739940a6f806a4d20bc3f104e06d0b

  • SHA1

    6c169ea2565d0ae637baebc6a0ba3c2c0a2051d9

  • SHA256

    5b5172f2d9e29bf1fb37c41a7dedc2d8f837776d5883cd46536d34e914fff228

  • SHA512

    d072140e21aeec4da4d673807aa3c97662561eede1f287001073893537126ffcc658ef5dd5b802ce39b2ecdfa1974be1ae080ab75e90e6888f2e3514db1c3364

  • SSDEEP

    3072:xXFirUCuNmiZLgBYATzc3aLo+cu9XCx52nTPIP6:Ip57zc3Ao2X7a

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
