General

  • Target

    9a3f94d8853f20963184f34cf75ecc08678ff43ec7ba524e54c1825d42d9f7d7

  • Size

    249KB

  • Sample

    240607-azamcaee51

  • MD5

    89ef597ad4066073fc1adfdd7e2487e8

  • SHA1

    053d0deee8a5a4ed5bac4e0e7a643ddbeee94084

  • SHA256

    9a3f94d8853f20963184f34cf75ecc08678ff43ec7ba524e54c1825d42d9f7d7

  • SHA512

    f48aaced3771f780e145d20e977b4aa8d2be8227c52a6b7f2e65b126d806d7ba619288572fc381ab38077081ba48f501b2b4a9e85e34f109d7a454f5b74ca78c

  • SSDEEP

    3072:ZiNo04Zd5/Dj53rOxGMWw2jzr5K+LWorYHLWorYO/IYE:ZijifnspWTfPL10HL10QE

Malware Config

Extracted

Family

stealc

Botnet

default12

C2

http://185.172.128.170

Attributes
  • url_path

    /7043a0c6a68d9c65.php
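The extracted config above gives three things a defender can pivot on: the file hashes, the C2 host and the gate path (Stealc reports to a single PHP endpoint on its C2, so host and path are matched together rather than the bare IP). The following is an added example, not tria.ge output or Stealc code: it applies those indicators to a constructed proxy log and a constructed endpoint hash inventory. The log format, the inventory format and every non-C2 line in them are made up for the example.

```python
"""Match the indicators extracted in this report against constructed proxy-log
lines and a constructed file-hash inventory (example code, not from tria.ge or
the Stealc authors; the log and inventory formats are invented for the demo)."""
from __future__ import annotations

import re
from urllib.parse import urlsplit

# Indicators copied verbatim from the report.
C2_BASE = "http://185.172.128.170"
C2_URL_PATH = "/7043a0c6a68d9c65.php"
SAMPLE_HASHES = {
    "md5": "89ef597ad4066073fc1adfdd7e2487e8",
    "sha1": "053d0deee8a5a4ed5bac4e0e7a643ddbeee94084",
    "sha256": "9a3f94d8853f20963184f34cf75ecc08678ff43ec7ba524e54c1825d42d9f7d7",
}


def c2_matches(url: str) -> bool:
    """True when url points at the report's C2 host and gate path.

    Host is compared exactly and the path case-sensitively; scheme and query
    string are ignored, so a GET with a ?key=... survives the check while a
    different file on the same host (or the same path on another host) does not.
    """
    parts = urlsplit(url)
    c2 = urlsplit(C2_BASE)
    return parts.hostname == c2.hostname and parts.path == C2_URL_PATH


# Constructed proxy log: timestamp, client IP, method, URL, status.
PROXY_LOG = """\
2024-06-07T10:02:11Z 10.0.0.14 GET http://185.172.128.170/7043a0c6a68d9c65.php 200
2024-06-07T10:02:12Z 10.0.0.14 POST http://185.172.128.170/7043a0c6a68d9c65.php 200
2024-06-07T10:02:13Z 10.0.0.22 GET http://185.172.128.170/index.html 404
2024-06-07T10:02:14Z 10.0.0.31 GET http://example.org/7043a0c6a68d9c65.php 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")


def scan_proxy_log(log: str) -> list[tuple[str, str]]:
    """Return (client_ip, url) for every log line whose URL hits the C2 gate."""
    hits = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing the whole scan
        _ts, client, _method, url, _status = m.groups()
        if c2_matches(url):
            hits.append((client, url))
    return hits


# Constructed endpoint inventory, "path,sha256" per line, as an EDR export
# might produce it. Only the first digest is real (it is the sample's).
HASH_INVENTORY = """\
C:\\Users\\Public\\setup.exe,9A3F94D8853F20963184F34CF75ECC08678FF43EC7BA524E54C1825D42D9F7D7
C:\\Windows\\System32\\notepad.exe,1f3b6ed2e0a6a2b1b9c3bcb0e1b1f5f0a7d3c6e8b2a4f6c8d0e2a4b6c8d0e2a4
"""


def scan_inventory(inventory: str) -> list[str]:
    """Return every path whose SHA256 equals the sample's.

    Hex case is normalised because tooling is not consistent about it, and
    rpartition is used so that commas inside a path do not break the split.
    """
    wanted = SAMPLE_HASHES["sha256"]
    hits = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        path, _, digest = line.rpartition(",")
        if digest.strip().lower() == wanted:
            hits.append(path)
    return hits
```

Matching on the full gate URL rather than the bare IP keeps the rule useful if the host later serves unrelated content, but it will miss a rebuilt sample that keeps the host and changes the PHP filename; pair it with a plain host match at lower severity if that matters in your environment.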

Targets

    • Target

      9a3f94d8853f20963184f34cf75ecc08678ff43ec7ba524e54c1825d42d9f7d7

    • Size

      249KB

    • MD5

      89ef597ad4066073fc1adfdd7e2487e8

    • SHA1

      053d0deee8a5a4ed5bac4e0e7a643ddbeee94084

    • SHA256

      9a3f94d8853f20963184f34cf75ecc08678ff43ec7ba524e54c1825d42d9f7d7

    • SHA512

      f48aaced3771f780e145d20e977b4aa8d2be8227c52a6b7f2e65b126d806d7ba619288572fc381ab38077081ba48f501b2b4a9e85e34f109d7a454f5b74ca78c

    • SSDEEP

      3072:ZiNo04Zd5/Dj53rOxGMWw2jzr5K+LWorYHLWorYO/IYE:ZijifnspWTfPL10HL10QE

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers routinely target stored browser data such as saved credentials, cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
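The behaviours listed above (browser profile reads, FTP client configuration reads, wallet file access, Uninstall-key enumeration) are individually common to legitimate software; what marks an infostealer is one process doing several of them. The following is an added example, not tria.ge's detection logic or anything from the sample: it correlates constructed per-process file and registry events into that cluster and flags a process only when it touches at least two distinct credential stores. The event records, process names and pids are constructed; the store paths are the well-known locations of Chrome's Login Data, Firefox's logins.json, FileZilla's sitemanager.xml/recentservers.xml, Bitcoin Core's wallet.dat and the Windows Uninstall key.

```python
"""Correlate constructed endpoint telemetry into the infostealer behaviour
cluster this report lists. Example code, not tria.ge's detection logic; the
events below are invented for the demo."""
from __future__ import annotations

import re
from collections import defaultdict

# One regex per category, applied case-insensitively to the accessed path.
RULES = {
    "browser_profile": re.compile(r"\\(Login Data|Cookies|Web Data)$|\\logins\.json$", re.I),
    "ftp_client": re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I),
    "crypto_wallet": re.compile(r"\\wallet\.dat$", re.I),
    "installed_software": re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I),
}
STORE_CATEGORIES = {"browser_profile", "ftp_client", "crypto_wallet"}

# Constructed telemetry: (pid, process, event_type, path). pid 4120 behaves
# like the sample; 880 and 2204 are benign processes touching one store each.
EVENTS = [
    (4120, "setup.exe", "file_read", r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4120, "setup.exe", "file_read", r"C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json"),
    (4120, "setup.exe", "file_read", r"C:\Users\bob\AppData\Roaming\FileZilla\sitemanager.xml"),
    (4120, "setup.exe", "file_read", r"C:\Users\bob\AppData\Roaming\Bitcoin\wallet.dat"),
    (4120, "setup.exe", "reg_query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    (880, "chrome.exe", "file_read", r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (2204, "msiexec.exe", "reg_query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{guid}"),
]


def categorize(path: str) -> str | None:
    """Return the first matching category for a path, or None if it is not a
    store we care about."""
    for name, rx in RULES.items():
        if rx.search(path):
            return name
    return None


def correlate(events, min_stores: int = 2) -> dict[int, dict]:
    """Group events by pid and flag processes touching >= min_stores distinct
    credential-store categories.

    A browser reading its own profile, or an installer reading the Uninstall
    key, hits at most one category and is not flagged; Uninstall enumeration
    is reported as a supporting signal rather than counted as a store.
    """
    per_pid = defaultdict(lambda: {"process": None, "categories": set(), "paths": []})
    for pid, proc, _etype, path in events:
        cat = categorize(path)
        if cat is None:
            continue
        rec = per_pid[pid]
        rec["process"] = proc
        rec["categories"].add(cat)
        rec["paths"].append(path)

    flagged = {}
    for pid, rec in per_pid.items():
        stores = rec["categories"] & STORE_CATEGORIES
        if len(stores) >= min_stores:
            flagged[pid] = {
                "process": rec["process"],
                "stores": sorted(stores),
                "enumerates_software": "installed_software" in rec["categories"],
                "paths": rec["paths"],
            }
    return flagged
```

Keying on distinct categories rather than raw event counts is what keeps the rule quiet on a browser that opens its own Login Data thousands of times a day; tune min_stores and the RULES table to the software actually present in your estate, and expect to add exclusions for backup agents, which legitimately read all of these files.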

MITRE ATT&CK Enterprise v15

Tasks