General

  • Target

    aa8284b2178aaf3f501da1e4c1485ba01c72d70466e8026ff425771168ef5982

  • Size

    221KB

  • Sample

    240516-3l24naef64

  • MD5

    3e60f960ca78e34a5a223279c54df092

  • SHA1

    9cc2c0926d659aaf00eff68be3c6cccc9f14e364

  • SHA256

    aa8284b2178aaf3f501da1e4c1485ba01c72d70466e8026ff425771168ef5982

  • SHA512

    4463a76b64bab307381588f29e3eb4abc63aa9214f08d0ff84ae72473729cd6eb903e45126384aa86ba1eec64679eeea8eafd18456fb411dda3d655b96cd7f9a

  • SSDEEP

    3072:P1PHcIR8yJV1bnEoV+o37K/YsY0OKA++A8/CQZ84yG/4BTZV4M28qwtBCF:Pl1TVVrnQk+P8fi9BTrz+w

Malware Config

Extracted

Family

stealc

Botnet

default11

C2

http://185.172.128.170

Attributes

  • url_path

    /7043a0c6a68d9c65.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks