General

  • Target

    d81a4a8069199cb989351fb3053f47dd97027446886cb2b0044fef773749a81b

  • Size

    2.4MB

  • Sample

    240711-2l28zsxepn

  • MD5

    064e974ce49d5244b3ff3722f5f3c27c

  • SHA1

    32e71c4cc3bf1fdc09e20ca38b9354cc0e71d102

  • SHA256

    d81a4a8069199cb989351fb3053f47dd97027446886cb2b0044fef773749a81b

  • SHA512

    d6c619ee0b85e6fa0840830662595a3c1f18ee03c972a21cbaebc5db423a3dd2c2f8dd981f7e18ee97b0d7826734f49d13a95da4e3b9b7fb8049aae19a05cc4c

  • SSDEEP

    49152:1jVC8nkD0S3zwrsXr6YkGpbAH/FwhuvBscwidRkTfRl6lir:1jODwrsXrNVAlwPTS4

Malware Config

Extracted

Family

stealc

Botnet

hate

C2

http://85.28.47.30

Attributes
  • url_path

    /920475a59bac849d.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks