General

  • Target

    ecea04acbe0a9d3c34e25dce92339db5ebc4006ea461ea1b44cbcbeda0e74af2

  • Size

    364KB

  • Sample

    240509-ajq96ahh73

  • MD5

    6adfa7bcac8caec6d3022645fe7a33a5

  • SHA1

    e04fb84ac0ad062e04a2b5478b0cc44225744aef

  • SHA256

    ecea04acbe0a9d3c34e25dce92339db5ebc4006ea461ea1b44cbcbeda0e74af2

  • SHA512

    b1c61fc4421491f3986858f9f97bee0ac0346f3c283df47f9d32532f120c26aee87051525bdc97383ebe10de3d4bf7b960e11f28d44cdd7230386aacad1fd33c

  • SSDEEP

    6144:aEToWW+sKejNKsTbTpfSl2JyRVc6TI2DNJeTNPcOlE/r1EHSRKYTpWF:awot+LKwy/pfSl2Jy7fTPNopJya6tpWF

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php
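
The extracted config above gives two hunting pivots: the C2 host plus the gate path the stealer posts to, and the file hashes of the sample. The following Python is an added example, not part of the tria.ge report or of Stealc itself; it turns those values into a small check over proxy-log and file-inventory records. The log line format and all sample records are constructed for the example.

```python
"""Hunt for the Stealc C2 and sample hashes from the report in
constructed proxy-log and file-inventory records (added example)."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import urlsplit

# Indicators taken from the extracted config and hash list above.
C2_URL = "http://185.172.128.150"
C2_PATH = "/c698e1bc8a2f5e6d.php"
SAMPLE_HASHES = {
    "md5": "6adfa7bcac8caec6d3022645fe7a33a5",
    "sha1": "e04fb84ac0ad062e04a2b5478b0cc44225744aef",
    "sha256": "ecea04acbe0a9d3c34e25dce92339db5ebc4006ea461ea1b44cbcbeda0e74af2",
}


@dataclass
class Hit:
    kind: str     # "c2" or "hash"
    record: str   # the matching input line
    detail: str   # why it matched


def c2_host() -> str:
    """Host component of the extracted C2 URL."""
    return urlsplit(C2_URL).hostname


# Assumed proxy log format (constructed for this example):
#   <timestamp> <client_ip> <method> <url> <status>
PROXY_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def match_c2(line: str) -> Optional[Hit]:
    """Flag requests to the C2 host; note whether the gate path matched exactly."""
    m = PROXY_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("url"))
    if parts.hostname != c2_host():
        return None
    # Stealc posts to the configured gate path; traffic to the same host on
    # another path is still worth a look, so record which case this is.
    exact = parts.path == C2_PATH
    return Hit("c2", line, "exact gate path" if exact else "host only")


def match_hash(line: str) -> Optional[Hit]:
    """Match a '<digest> <path>' inventory line against the sample's hashes."""
    digest, _, _path = line.strip().partition(" ")
    digest = digest.lower()
    for algo, known in SAMPLE_HASHES.items():
        if digest == known:
            return Hit("hash", line, f"{algo} matches sample")
    return None


def hunt(proxy_lines: Iterable[str], inventory_lines: Iterable[str]) -> List[Hit]:
    """Run both checks and return every hit, C2 hits first."""
    hits = [h for h in map(match_c2, proxy_lines) if h]
    hits += [h for h in map(match_hash, inventory_lines) if h]
    return hits


# Constructed sample input; not taken from the sandbox run.
PROXY_SAMPLE = [
    "2024-05-09T01:23:45Z 10.0.0.12 GET http://example.com/index.html 200",
    "2024-05-09T01:24:02Z 10.0.0.12 POST http://185.172.128.150/c698e1bc8a2f5e6d.php 200",
    "2024-05-09T01:24:10Z 10.0.0.12 GET http://185.172.128.150/other.bin 404",
]
INVENTORY_SAMPLE = [
    "d41d8cd98f00b204e9800998ecf8427e C:\\Users\\a\\empty.txt",
    "ecea04acbe0a9d3c34e25dce92339db5ebc4006ea461ea1b44cbcbeda0e74af2 C:\\Users\\a\\AppData\\Local\\Temp\\x.exe",
]

if __name__ == "__main__":
    for hit in hunt(PROXY_SAMPLE, INVENTORY_SAMPLE):
        print(f"[{hit.kind}] {hit.detail}: {hit.record}")
```

The host-only match is deliberate: a stealer build with a different gate path would still talk to the same server, and a bare-IP C2 such as this one has no legitimate traffic to hide among.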

Targets

    • Target

      ecea04acbe0a9d3c34e25dce92339db5ebc4006ea461ea1b44cbcbeda0e74af2

    • Detect ZGRat V1

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks