
General

  • Target

    a531cf5568b7ab1e70b269186601bedacd734851da989ac6d37771f1b0b87547

  • Size

    370KB

  • Sample

    240720-e5771swerj

  • MD5

    0d0b2d2e8e757e66ae44a0e3aeed2512

  • SHA1

    029d6b6dab4f3b33806fcdb8ec9b457e1c7d46f6

  • SHA256

    a531cf5568b7ab1e70b269186601bedacd734851da989ac6d37771f1b0b87547

  • SHA512

    023a413eddd057e2253b2e674329000b14423c23db78eb61ee91538e0a73beb3e58326bc85405762ad7cd2152d6158fb844b2b8003c9b635b46b039c0010bd4b

  • SSDEEP

    6144:hTNLdeErsZ/lyvUpo9lq4PT3fbf0FIMPoB4ikVTRcv2oFDXTUbEpQqee:nLgErJ3L0F5C4px82rEp6e

Malware Config

Extracted

Family

stealc

Botnet

hnew

C2

http://85.28.47.70

Attributes

  • url_path

    /570d5d5e8678366c.php

Targets

    • Target

      a531cf5568b7ab1e70b269186601bedacd734851da989ac6d37771f1b0b87547

    • Stealc

      Stealc is an infostealer written in C++.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain locales).

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
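The extracted config (C2 host plus PHP gate path) and the behavioural signatures listed above can be turned into a small triage rule set. The following is an added example, not code from the Triage report or from the Stealc analysis: it matches constructed Sysmon-style telemetry against the report's signatures and the C2 from the config. The exact registry and file paths used for the three signatures (the Geo\Nation value, FileZilla's sitemanager.xml/recentservers.xml, the CurrentVersion\Uninstall subkeys) are assumptions about what those signatures typically fire on, not values quoted from the report.

```python
"""Added example (not part of the Triage report): map the report's extracted
Stealc config and behavioural signatures onto host/proxy telemetry."""
import re
from collections import defaultdict

# Values taken from the extracted config in the report.
C2_HOST = "85.28.47.70"
C2_PATH = "/570d5d5e8678366c.php"

# Registry/file locations behind the report's signatures.
# Assumption: these are the usual locations such checks touch; the report
# itself does not list the exact keys or files.
RULES = {
    "Checks computer location settings": (
        "registry", re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    "Reads data files stored by FTP clients": (
        "file", re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I)),
    "Checks installed software on the system": (
        "registry", re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)),
}


def c2_match(event):
    """True when an HTTP event hits the extracted C2 host *and* gate path.

    Matching the host alone would also flag unrelated traffic to the same
    IP, so the path from the config is required too.
    """
    return (event["type"] == "http"
            and event["host"] == C2_HOST
            and event["target"] == C2_PATH)


def evaluate(events):
    """Return {pid: sorted list of matched signature names}."""
    hits = defaultdict(set)
    for ev in events:
        for name, (kind, pattern) in RULES.items():
            if ev["type"] == kind and pattern.search(ev["target"]):
                hits[ev["pid"]].add(name)
        if c2_match(ev):
            hits[ev["pid"]].add("Stealc C2 check-in")
    return {pid: sorted(names) for pid, names in hits.items()}


def is_stealc_like(matched, minimum=3):
    """A lone Uninstall-key read is normal for installers; require several
    of the report's behaviours from one process before calling it."""
    return len(matched) >= minimum


# Constructed telemetry for the example; not captured from the sample.
SAMPLE_EVENTS = [
    {"pid": 4120, "type": "registry",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 4120, "type": "registry",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 4120, "type": "file",
     "target": r"C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml"},
    {"pid": 4120, "type": "http", "host": "85.28.47.70",
     "target": "/570d5d5e8678366c.php"},
    # Benign installer enumerating Uninstall keys only.
    {"pid": 7788, "type": "registry",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    # Same IP, different path: not the extracted gate, so not flagged.
    {"pid": 9001, "type": "http", "host": "85.28.47.70", "target": "/index.html"},
]

if __name__ == "__main__":
    for pid, names in evaluate(SAMPLE_EVENTS).items():
        verdict = "STEALC-LIKE" if is_stealc_like(names) else "low"
        print(pid, verdict, names)
```

The threshold in is_stealc_like is the practical caveat: each signature on its own (reading the locale, enumerating installed software) is common in legitimate software, so a hunt should key on the combination from a single process, or on the exact C2 URL, rather than on any one behaviour.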
