General

  • Target: ca20476eab92bfb30bbd6b7ad2961010.exe
  • Size: 228KB
  • Sample: 240516-s1x35sbd21
  • MD5: ca20476eab92bfb30bbd6b7ad2961010
  • SHA1: 549e27826585706b0a3fbd5ca62fe9cf94360242
  • SHA256: 5913b56762d3253e0d9cefdd62f311f2a1a902f643b4c4cdb0220d1a38a3dbf9
  • SHA512: 1355f0da04dbc5fe79c122793a6ffa720dfb932d07910fb1dc2a728751fb2e4636439c03016f2a9276f838133fd98768a7b6ee086c553d78b75d57c8c7ddd350
  • SSDEEP: 6144:wB5Q/aqNI6aZg0RMrKB0uEdRj4pHLKd1k6cw:kDZgCMrk0u1Q

Malware Config

Extracted

  • Family: stealc
  • Botnet: default11
  • C2: http://185.172.128.170
  • Attributes
    • url_path: /7043a0c6a68d9c65.php

Targets

    • Target: ca20476eab92bfb30bbd6b7ad2961010.exe

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks