General

  • Target

    9e9a3a7e99404a3cc4346a18c74dce915fc6ece9b3960c420fc5685700a7d869

  • Size

    217KB

  • Sample

    240509-p8mqladf39

  • MD5

    864b3093abf07e6127452d5ea8b1fa2f

  • SHA1

    c2c7303b78aa77bcb577d04d5ad25b9b29dbfcd4

  • SHA256

    9e9a3a7e99404a3cc4346a18c74dce915fc6ece9b3960c420fc5685700a7d869

  • SHA512

    866c97c3c8f2367b0d7215924eb4b54744759e9c4094997ba7ed2b5e58dcc91aa2cd3009b0afea2be936b19a4e862ffbe80f2f3232a2fde5e987e8bd70f9162c

  • SSDEEP

    3072:dVQr/HQkiW1wf1geHTE2jyPAsnApKS9Wm5O5wfeO:Ty/HQYsg3T9nApOm5c

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.151

Attributes

  • url_path

    /7043a0c6a68d9c65.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
