
General

  • Target: 78d8166716bd66d81e10f7b5f939d44c42a798bd3f7ecadb948776baf5d58612
  • Size: 417KB
  • Sample: 240506-lf6q8aag67
  • MD5: 2e349cc184e622bdbc988b2cb65dbb21
  • SHA1: cd45fc067c91105d5eb32507c6543b28c4018a3c
  • SHA256: 78d8166716bd66d81e10f7b5f939d44c42a798bd3f7ecadb948776baf5d58612
  • SHA512: c855f03181d6248e838782217a3057b68d175fe7a1c5f591dcda5918f537d50374521620886971cd789c62fbd93956b335c3d23c34c7c1f6ff3174c5443252b5
  • SSDEEP: 6144:Gvm5q7cumHxCrGqFot529roAosBXIwDT6Wg1dHN8pQUfFZpYY8pS/rUUwKOgYtas:Gvqq7cumorCFKpnq/OFr8pvKStK8

Malware Config

Extracted

  • Family: stealc
  • C2: http://185.172.128.150
  • Attributes
    • url_path: /c698e1bc8a2f5e6d.php

Targets

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15
