Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    9a77686c1bcfd7a3b163cda88bde89e854783436a7f386bd3db5f5ca329ad573

  • Size

    416KB

  • Sample

    240506-tgvdksce48

  • MD5

    1ab4f77cecedbf60bf479a8258243913

  • SHA1

    976315486f8d9973ccae2b606161b021e5b4c371

  • SHA256

    9a77686c1bcfd7a3b163cda88bde89e854783436a7f386bd3db5f5ca329ad573

  • SHA512

    3426be2e1c9fb50ab1f4142ddcd071f6cc554585f3f8ebdbb358f59c00f77fe95ec1d86666b107a3ab1d6ea9b72630f7d2af9cb9b85dffb9bb447d0eee2b8524

  • SSDEEP

    6144:Z5YuR8GzWWGtJf1/NoL+TcbtnqJPMfsvJQjN+tu8BjtlLCSzE4Rx58VVFrk04:JR8GzWWSZ1g+w5qJmjNMu6h9vzE44k04

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Target

      9a77686c1bcfd7a3b163cda88bde89e854783436a7f386bd3db5f5ca329ad573

    • Size

      416KB

    • MD5

      1ab4f77cecedbf60bf479a8258243913

    • SHA1

      976315486f8d9973ccae2b606161b021e5b4c371

    • SHA256

      9a77686c1bcfd7a3b163cda88bde89e854783436a7f386bd3db5f5ca329ad573

    • SHA512

      3426be2e1c9fb50ab1f4142ddcd071f6cc554585f3f8ebdbb358f59c00f77fe95ec1d86666b107a3ab1d6ea9b72630f7d2af9cb9b85dffb9bb447d0eee2b8524

    • SSDEEP

      6144:Z5YuR8GzWWGtJf1/NoL+TcbtnqJPMfsvJQjN+tu8BjtlLCSzE4Rx58VVFrk04:JR8GzWWSZ1g+w5qJmjNMu6h9vzE44k04

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks