Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
da68eede5f489072a8f0e34579d75ccefa0adefa2363cb6a2923c09f3f3d2b0b
-
Size
2.4MB
-
Sample
240711-2l6leaxepr
-
MD5
1b1117aacb221e675092b3328bdbe8bc
-
SHA1
8c68aeede370fe98c1d60066e039e7e0f70e0df8
-
SHA256
da68eede5f489072a8f0e34579d75ccefa0adefa2363cb6a2923c09f3f3d2b0b
-
SHA512
1ef104a90c7e9eba6f0a3d16ac2f8a31129374f055fee80296d5c8cee24c7ec6aaa949dc2093ba5a10a11a9a5f0fccd0b2eb3c1ed7b60b01ceb37a888255142a
-
SSDEEP
49152:gvCW+BOth3h/J2rd4Ni8cbFUbooHw/p7OiGvORwkfZQe19o:gazqx/8rdsi8UFUMoQwDeFw
Malware Config
Extracted
stealc
hate
http://85.28.47.30
-
url_path
/920475a59bac849d.php
Targets
-
-
Target
da68eede5f489072a8f0e34579d75ccefa0adefa2363cb6a2923c09f3f3d2b0b
-
Size
2.4MB
-
MD5
1b1117aacb221e675092b3328bdbe8bc
-
SHA1
8c68aeede370fe98c1d60066e039e7e0f70e0df8
-
SHA256
da68eede5f489072a8f0e34579d75ccefa0adefa2363cb6a2923c09f3f3d2b0b
-
SHA512
1ef104a90c7e9eba6f0a3d16ac2f8a31129374f055fee80296d5c8cee24c7ec6aaa949dc2093ba5a10a11a9a5f0fccd0b2eb3c1ed7b60b01ceb37a888255142a
-
SSDEEP
49152:gvCW+BOth3h/J2rd4Ni8cbFUbooHw/p7OiGvORwkfZQe19o:gazqx/8rdsi8UFUMoQwDeFw
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-