Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
441f614bb8a71a458b9f8274f807c33550d0a91304b7b1bc25c23c6cd8d9b616
-
Size
2.4MB
-
Sample
240711-2gks5sxcnj
-
MD5
7ad17f11aa6b1408999981b11078d674
-
SHA1
57a4856e4db83685852d7c6037bb1bbde4793415
-
SHA256
441f614bb8a71a458b9f8274f807c33550d0a91304b7b1bc25c23c6cd8d9b616
-
SHA512
06f7dbbe0fbba7615742840c5aa0e77f87bca47eb85bc5d5b33d5785d76e9a705e4d6ce0e068f43f45986405dcaf7171dfd6bd2bbd832e2eced0032ab4695e65
-
SSDEEP
49152:xyOXuqDgypjKg6wY7p6ZJ99hZUNs9TlID4zmjfs49s/9khpXnDD:RDdj97Y7p6ZJhZeCJOTsqD
Malware Config
Extracted
stealc
Nice
http://85.28.47.30
-
url_path
/920475a59bac849d.php
Targets
-
-
Target
441f614bb8a71a458b9f8274f807c33550d0a91304b7b1bc25c23c6cd8d9b616
-
Size
2.4MB
-
MD5
7ad17f11aa6b1408999981b11078d674
-
SHA1
57a4856e4db83685852d7c6037bb1bbde4793415
-
SHA256
441f614bb8a71a458b9f8274f807c33550d0a91304b7b1bc25c23c6cd8d9b616
-
SHA512
06f7dbbe0fbba7615742840c5aa0e77f87bca47eb85bc5d5b33d5785d76e9a705e4d6ce0e068f43f45986405dcaf7171dfd6bd2bbd832e2eced0032ab4695e65
-
SSDEEP
49152:xyOXuqDgypjKg6wY7p6ZJ99hZUNs9TlID4zmjfs49s/9khpXnDD:RDdj97Y7p6ZJhZeCJOTsqD
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-