General

  • Target

    file.exe

  • Size

    206KB

  • Sample

    240818-pbbbaswdnl

  • MD5

    89d3a7a63f88f0c4ce563827151516e1

  • SHA1

    41260c97cd71900250c61e290873a35e15e18424

  • SHA256

    aba62bbf6ed281583a0c2027ccd15dd367309bba790800918c501940c7ad66a2

  • SHA512

    7138a69137b772816a4f0370c90be94d2a4ac1d3026d651b1e56900488b99550ce46844eb4407d48e35af2025fdb2c831f68bcba8e590c886e24038cffda6c34

  • SSDEEP

    3072:o3lIJfs1CeH5kmr+5D3/GUVunExQWtMHU0VgT96Y5jNgdWomop1UoMkm7Du4QVW3:oVIJfsYyUVujW5jNBomozUogxrEO

Malware Config

Extracted

Family

stealc

Botnet

nord

C2

http://185.215.113.100

Attributes

  • url_path

    /e2b1563c6670f193.php

Targets

    • Target

      file.exe

    • Size

      206KB

    • MD5

      89d3a7a63f88f0c4ce563827151516e1

    • SHA1

      41260c97cd71900250c61e290873a35e15e18424

    • SHA256

      aba62bbf6ed281583a0c2027ccd15dd367309bba790800918c501940c7ad66a2

    • SHA512

      7138a69137b772816a4f0370c90be94d2a4ac1d3026d651b1e56900488b99550ce46844eb4407d48e35af2025fdb2c831f68bcba8e590c886e24038cffda6c34

    • SSDEEP

      3072:o3lIJfs1CeH5kmr+5D3/GUVunExQWtMHU0VgT96Y5jNgdWomop1UoMkm7Du4QVW3:oVIJfsYyUVujW5jNBomozUogxrEO

    • Stealc

      Stealc is an infostealer written in C++.

    • Suspicious use of SetThreadContext
