General

  • Target: 4af3a202ab771b3f4187e6387e52e6db0eb812576f51d473b3c827de9ca5e651
  • Size: 391KB
  • Sample: 240502-yhassaee6y
  • MD5: 4078120e75ba3b7a81add7ea4db2c43f
  • SHA1: 5230bf56e98be11e6847bb051211389e06fa9b31
  • SHA256: 4af3a202ab771b3f4187e6387e52e6db0eb812576f51d473b3c827de9ca5e651
  • SHA512: abfb5295c56c3a926a1343efc29f4b212038f0daa60e51eeb056ce06e47a877d8160d07ee531f00feb42293590b4b8261a0f46ecf1d2be77d0a4a20e7d46eec8
  • SSDEEP: 6144:1H1x0T788vLmd/0SkQO2FLt7RwvW86Bw7L9Fcm8fJqJQD6l:V4f8MmkQFFbqJ6Krcm5Jtl

Malware Config

Extracted

  • Family: stealc
  • C2: http://185.172.128.150
  • Attributes
    • url_path: /c698e1bc8a2f5e6d.php

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
