General

  • Target

    04072024_0303_03072024_Message_20240703082651_snippa.zip

  • Size

    2.0MB

  • Sample

    240704-dkcd6s1dlp

  • MD5

    d4d9594bc1e7aff27a623c4972620712

  • SHA1

    eb8a4ed87a990e2487ebe1fe9fc0a350472c4542

  • SHA256

    457f35de1b15d62282ce17e1d53b2df1a6cea43e1f139012bec66cd5bcc871b9

  • SHA512

    a6da9e21aa616b608f392ef3db136578411368002655b543f834b0f29229ed0209dc9272c97c22fb43ed5ddcbc0a8bd9d725e886750661a4704b0e6b8b26085c

  • SSDEEP

    49152:qvorjcKgbQR6HJ6yO8iAF5RwO+gvZ1PnYa76eD+Ah8FyexdnICOh84j+EKRT:ljcfER6e875KMvzPRbvKyCOm4ibRT

Malware Config

Extracted

  • Family

    stealerium

  • C2

    https://discord.com/api/webhooks/1257666720059883600/GpvO8nlJrX2Jfw18M2Dv1On2EhjpqEV6IdGUgDeaq1dyExXmT-HJ2LXpbfIs34JU1GkX

Targets

    • Target

      Message_20240703082651_snippa/Message_20240703082651_snippa.wav.exe

    • Size

      2.2MB

    • MD5

      b862a2b99c3968173b3de780bd696027

    • SHA1

      7531769525187639f1530b42f221ad1a9b189a8f

    • SHA256

      e600f4c6b7476c6a87f2cb342b46e0e7b96790c2b25448af030e866b71f2b4b6

    • SHA512

      9bec24ed3dfdb71c8433a8fb2923423c543554e484b77c7a15c344e66d2c840188e0e4f87582a32a00580df4e5cb89d62b54892d3f9b19a671bde668fff5fb8e

    • SSDEEP

      49152:cJuGb6/6D58MO8qA3hRg+Egv9LPb0S7CmeULsPy8x11eIwhmX6c:cJJW/6W8hheEvRPPP3cy6woX6

    • Stealerium

      An open-source info stealer written in C#, first seen in May 2022.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks