
General

  • Target

    9d9cf49f782fa2d041b740623809bda45533efb533460b9210e6996c924a8208

  • Size

    206KB

  • Sample

    240818-zwcd7stgqf

  • MD5

    8e8addba4c8062d8be2101ff8604a092

  • SHA1

    50846d2a624e1f46db08cfab2b192623ac6bd6cc

  • SHA256

    9d9cf49f782fa2d041b740623809bda45533efb533460b9210e6996c924a8208

  • SHA512

    1184488f807545e3dcd0ee6cd2fe74dbcbdfdc2be99c8c092adee7c2a4abf2632a7c43e7e4461658fc3f7f11f8a72bd1571de6d03eb70b0932713890077afe69

  • SSDEEP

    3072:HhkQCmQKZ3qUCN6q72ru9QJaAscWXIW/cvdZ01L9BhSApo2NW/zSTduH+jyZKYzt:HhkKZaUCGaNc9W/cv+Z7Sh2N3keoEO

Malware Config

Extracted

Family

stealc

Botnet

nord

C2

http://185.215.113.100

Attributes
  • url_path

    /e2b1563c6670f193.php
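
The extracted config above gives two usable network indicators (the C2 host and the gate path) plus the file hashes. The following is an added example, not part of the tria.ge report or of Stealc itself: it assembles the full gate URL from the `c2` and `url_path` fields, hunts for it in proxy log lines, and checks whether a file on disk is the sample described here. The proxy log lines and their format are constructed for the example; only the config values and hashes come from the report.

```python
import hashlib
from urllib.parse import urlparse

# Configuration fields exactly as extracted in the report above.
STEALC_CONFIG = {
    "family": "stealc",
    "botnet": "nord",
    "c2": "http://185.215.113.100",
    "url_path": "/e2b1563c6670f193.php",
}

# File hashes as listed in the report above.
SAMPLE_HASHES = {
    "md5": "8e8addba4c8062d8be2101ff8604a092",
    "sha1": "50846d2a624e1f46db08cfab2b192623ac6bd6cc",
    "sha256": "9d9cf49f782fa2d041b740623809bda45533efb533460b9210e6996c924a8208",
}


def c2_url(config: dict) -> str:
    """Join the C2 base and the url_path attribute into the full gate URL."""
    return config["c2"].rstrip("/") + "/" + config["url_path"].lstrip("/")


def hunt_proxy_log(lines, config: dict):
    """Return (line_no, reason) for proxy log lines that touch the C2.

    Assumed log format (constructed for this example, not a real product's):
        <timestamp> <client_ip> <method> <url> <status>
    A hit on the exact gate path is high confidence; a hit on the C2 host
    alone is lower confidence, since one IP can serve several botnets.
    """
    c2_host = urlparse(config["c2"]).hostname
    hits = []
    for no, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line: skip rather than crash the hunt
        url = urlparse(parts[3])
        if url.hostname != c2_host:
            continue
        if url.path == config["url_path"]:
            hits.append((no, "exact gate path"))
        else:
            hits.append((no, "C2 host only"))
    return hits


def matches_sample(data: bytes, expected: dict = SAMPLE_HASHES) -> dict:
    """Compare a file's digests with the report's; one True/False per algorithm."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == digest
        for algo, digest in expected.items()
    }


# Constructed proxy log lines (not taken from the sandbox run).
SAMPLE_LOG = [
    "2024-08-18T10:00:01Z 10.0.0.12 GET http://example.com/ 200",
    "2024-08-18T10:00:07Z 10.0.0.12 POST http://185.215.113.100/e2b1563c6670f193.php 200",
    "2024-08-18T10:00:09Z 10.0.0.12 GET http://185.215.113.100/index.html 200",
    "2024-08-18T10:01:00Z 10.0.0.33 GET https://example.org/login 302",
]

if __name__ == "__main__":
    print("C2 gate:", c2_url(STEALC_CONFIG))
    for no, reason in hunt_proxy_log(SAMPLE_LOG, STEALC_CONFIG):
        print(f"line {no}: {reason}: {SAMPLE_LOG[no - 1]}")
    # A file that is not the sample fails every hash comparison.
    print(matches_sample(b"constructed bytes, not the sample"))
```

Match on the full gate path rather than the bare IP wherever the logs allow it: the `.php` gate name is specific to this configuration, while the host can change or be shared with other families.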

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Suspicious use of SetThreadContext (rewriting another thread's context is a common step in process hollowing and other code-injection techniques)

MITRE ATT&CK Enterprise v15

Tasks