Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    01bc3e1b8cbd5fb66f32536422fadecc7fbf1510427be58036dda38248efaac1

  • Size

    373KB

  • Sample

    240516-mts8qagg7v

  • MD5

    6646ce0700d19a7de14da68ee446ba30

  • SHA1

    38b511346413c74967eeca1a0c50cf084c7e6d8c

  • SHA256

    01bc3e1b8cbd5fb66f32536422fadecc7fbf1510427be58036dda38248efaac1

  • SHA512

    fab4269cea37ed76ca9e29145fc7c1d3b69e4ac38318026c93e8c47a564ac307d17a4b73cb1cebddbf5106abb7165ae2aac622d8aa22c287a4b48b7f0b05c8c2

  • SSDEEP

    6144:GdiHaAVjjHTJvO5rWNmgKlJcB9BRcCwJJxDOejznC3lP6v2sbnz533+S9I:skaAVjL9vO5UmgGJc9KywnCJsbn8S9I

Malware Config

Extracted

Family

stealc

Botnet

default100

C2

http://185.172.128.150

Attributes
  • url_path

    /c698e1bc8a2f5e6d.php

Targets

    • Target

      01bc3e1b8cbd5fb66f32536422fadecc7fbf1510427be58036dda38248efaac1

    • Size

      373KB

    • MD5

      6646ce0700d19a7de14da68ee446ba30

    • SHA1

      38b511346413c74967eeca1a0c50cf084c7e6d8c

    • SHA256

      01bc3e1b8cbd5fb66f32536422fadecc7fbf1510427be58036dda38248efaac1

    • SHA512

      fab4269cea37ed76ca9e29145fc7c1d3b69e4ac38318026c93e8c47a564ac307d17a4b73cb1cebddbf5106abb7165ae2aac622d8aa22c287a4b48b7f0b05c8c2

    • SSDEEP

      6144:GdiHaAVjjHTJvO5rWNmgKlJcB9BRcCwJJxDOejznC3lP6v2sbnz533+S9I:skaAVjL9vO5UmgGJc9KywnCJsbn8S9I

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks