General

  • Target

    f05f66909f30cb421f36707aaa7c5700b5fb33a5b2f3efe7ac3d78675a5540b1

  • Size

    208KB

  • Sample

    240524-cld4qahf2s

  • MD5

    4ebca625b4417c345a08125da5633938

  • SHA1

    839ecbb46e623b3d0b829579e96c216b41af2dc3

  • SHA256

    f05f66909f30cb421f36707aaa7c5700b5fb33a5b2f3efe7ac3d78675a5540b1

  • SHA512

    03eb6cb478e584e6618b5bc5b32135dd01bdc1214f8325d97148db688a32ea03f3e9e2b3e41d4876dd4617479cf03f725521c7ef4a2c9d3a50fd3ac4f47db84b

  • SSDEEP

    3072:Db+7Qr3z+trZesbNMST4nkFaSYrRYN5rPKE+agR5C:3Jj+rZd5Mw4koSYrRYzRdg

Malware Config

Extracted

Family

stealc

Botnet

default11

C2

http://185.172.128.170

Attributes
  • url_path

    /7043a0c6a68d9c65.php

Targets

    • Target

      f05f66909f30cb421f36707aaa7c5700b5fb33a5b2f3efe7ac3d78675a5540b1

    • Size

      208KB

    • MD5

      4ebca625b4417c345a08125da5633938

    • SHA1

      839ecbb46e623b3d0b829579e96c216b41af2dc3

    • SHA256

      f05f66909f30cb421f36707aaa7c5700b5fb33a5b2f3efe7ac3d78675a5540b1

    • SHA512

      03eb6cb478e584e6618b5bc5b32135dd01bdc1214f8325d97148db688a32ea03f3e9e2b3e41d4876dd4617479cf03f725521c7ef4a2c9d3a50fd3ac4f47db84b

    • SSDEEP

      3072:Db+7Qr3z+trZesbNMST4nkFaSYrRYN5rPKE+agR5C:3Jj+rZd5Mw4koSYrRYzRdg

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile contents.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
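
The extracted config (C2 host and gate path) and the behaviour signatures above are the two things a responder would turn into detection. The script below is an added example, not tria.ge tooling: it folds the report's IOCs and signature descriptions into one scoring pass over constructed host and proxy telemetry. The event schema, the concrete FileZilla/browser/wallet file paths used as patterns, and the sample events are assumptions; only the hashes, the C2 host and the url_path come from the report.

```python
"""Correlate the IOCs and behaviours from the tria.ge report against host and
proxy telemetry.  Added example; the event schema, the behaviour file paths
and the sample events are constructed assumptions."""
import hashlib
import re
from urllib.parse import urlsplit

# Network and file IOCs copied from the extracted config and hashes above.
C2_HOST = "185.172.128.170"
C2_PATH = "/7043a0c6a68d9c65.php"
KNOWN_HASHES = {
    "sha256": "f05f66909f30cb421f36707aaa7c5700b5fb33a5b2f3efe7ac3d78675a5540b1",
    "md5": "4ebca625b4417c345a08125da5633938",
    "sha1": "839ecbb46e623b3d0b829579e96c216b41af2dc3",
}

# Host artefacts matching the sandbox signatures.  The concrete file names
# are assumptions about where those programs keep their data; the report only
# names the behaviour (and FileZilla as an example).
BEHAVIOUR_PATTERNS = {
    "Reads data files stored by FTP clients":
        re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I),
    "Reads user/profile data of web browsers":
        re.compile(r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$", re.I),
    "Accesses cryptocurrency files/wallets":
        re.compile(r"\\(wallet\.dat$|Electrum\\wallets\\|Exodus\\exodus\.wallet\\)", re.I),
    "Checks installed software on the system":
        re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I),
}


def is_c2_beacon(url: str) -> bool:
    """True when a request targets the extracted C2 host and gate path."""
    parts = urlsplit(url)
    return parts.hostname == C2_HOST and parts.path == C2_PATH


def is_known_sample(data: bytes) -> bool:
    """Hash a file body and compare it against the report's hashes."""
    return (hashlib.sha256(data).hexdigest() == KNOWN_HASHES["sha256"]
            or hashlib.md5(data).hexdigest() == KNOWN_HASHES["md5"])


def assess(events):
    """Score events; returns matched behaviours, C2/hash hits and a verdict."""
    behaviours = {name: [] for name in BEHAVIOUR_PATTERNS}
    c2_hits, hash_hits = [], []
    for ev in events:
        if ev["kind"] in ("file", "registry"):
            for name, pat in BEHAVIOUR_PATTERNS.items():
                if pat.search(ev["target"]):
                    behaviours[name].append(ev["target"])
        elif ev["kind"] == "http" and is_c2_beacon(ev["url"]):
            c2_hits.append(ev["url"])
        elif ev["kind"] == "image" and ev["sha256"].lower() == KNOWN_HASHES["sha256"]:
            hash_hits.append(ev["path"])
    matched = [name for name, hits in behaviours.items() if hits]
    if c2_hits or hash_hits:
        verdict = "stealc"          # hard IOC match on this report's sample
    elif len(matched) >= 2:
        verdict = "stealer-like"    # behaviour cluster; IOCs may have rotated
    else:
        verdict = "no-match"
    return {"behaviours": behaviours, "matched": matched,
            "c2": c2_hits, "hashes": hash_hits, "verdict": verdict}


# Constructed telemetry in the shape a Sysmon/proxy pipeline might emit.
SAMPLE_EVENTS = [
    {"kind": "registry",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"kind": "file",
     "target": r"C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"kind": "file",
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"kind": "file", "target": r"C:\Users\alice\AppData\Roaming\Bitcoin\wallet.dat"},
    {"kind": "http", "url": "http://185.172.128.170/7043a0c6a68d9c65.php"},
    {"kind": "http", "url": "http://185.172.128.170/"},
]

if __name__ == "__main__":
    result = assess(SAMPLE_EVENTS)
    print(result["verdict"], result["matched"], result["c2"])
```

The C2 match deliberately requires both the host and the url_path: the host alone is a shared-hosting IP that may serve unrelated traffic, and the gate path is what the extracted config ties to this botnet. The behaviour patterns are kept separate from the hash and C2 IOCs so that a rebuilt sample with rotated infrastructure still surfaces as "stealer-like".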

MITRE ATT&CK Enterprise v15

Tasks