General

  • Target

    68f7221674dbbb7621ce4d491bb7869344db5d91e9017601943e7b1e672b2d7b.exe

  • Size

    2.6MB

  • Sample

    240724-cewp7avelb

  • MD5

    6159bd2beba187d99dad9e2a802fe8fd

  • SHA1

    bf1b92c2b6d41fb3ad17e3e658f0d86a8c07cc22

  • SHA256

    68f7221674dbbb7621ce4d491bb7869344db5d91e9017601943e7b1e672b2d7b

  • SHA512

    3a0f432fe9357833bb224ebfa5776f11fa8b0ef09fdf3610f73662c958944909057a7323576db7117197525b31bead2835f81671c93da4a69451b5b9e87bbb72

  • SSDEEP

    49152:FPgIpTlcBsyifklUwVowI9dy5y5iEvBMfyWrmXPipqNW1rTz:FYIg0fOXVRI9dy5yQEvBMfyWrmXPiXrT

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    gator3220.hostgator.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    ABBG_3!y7%@agIh

Targets

    • Target

      68f7221674dbbb7621ce4d491bb7869344db5d91e9017601943e7b1e672b2d7b.exe

    • PureLog Stealer

      PureLog Stealer is an infostealer written in C#.

    • PureLog Stealer payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
