General

  • Target: 64484fbd938448a71202c90d151fc8e4.exe
  • Size: 817KB
  • Sample: 240720-anxbza1era
  • MD5: 64484fbd938448a71202c90d151fc8e4
  • SHA1: e52bd39a933ab6762292e38caa2001c1dfeea5b9
  • SHA256: 8129223972fb532baa3fd67b5a20d3c4d12f3fe42d8a7547e38f75e3a52df37e
  • SHA512: 5f53808393f00cedc552462c53045cfb8e8fe6bc7a32eced72fce255b454fde24fe350841e800b46424747af16fdf615d709532d11fd67a926ee15a5dadae676
  • SSDEEP: 24576:FgLNqLM6+dQtWfgi4HShiO8nYq0MYduMTxG:PM6+dQtWfbCO8nYHMY1

Malware Config

Extracted

  • Family: stealc
  • Botnet: Leg
  • C2: http://40.86.87.10
  • Attributes
    • url_path: /108e010e8f91c38c.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks