Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

f6b9b4d109...72.exe

windows7-x64

10

f6b9b4d109...72.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    945a7cd9f48b9258a0d6a66f3e53e995.bin

  • Size

    162KB

  • Sample

    240820-bzgw4a1cqm

  • MD5

    20377d16e9eb203a29518a6885fcd063

  • SHA1

    fb62c6b832fe82fd03a538af7f3da7863322ce42

  • SHA256

    4081885454a7f63784d5e6dfe56827bc1f6c994d2e146556ff77cc61d86c53c6

  • SHA512

    305106218e62f5201adbb7b8bd3f3ad0a9bfe461926f3f10f025013ab26d8d4643de36840c6cd085186f2a00edece4a7ddd92b8c1ddc806ebe4055d27d18cc1e

  • SSDEEP

    3072:NGLcVwbglYRD4Uh/Q/iOV5QEizO1RyU7kou57nKRZVRcF8:HVR84e/Q/ZKEiq1s4uIVCK

Score
10/10
stealcdefaultcredential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://62.204.41.151

Attributes
  • url_path

    /edd20096ecef326d.php

Targets

    • Target

      f6b9b4d109149a7788c23795978cb0a581e2c3c82c67b6df87e5939f148f9972.exe

    • Size

      296KB

    • MD5

      945a7cd9f48b9258a0d6a66f3e53e995

    • SHA1

      731e7a27e0eb01010c7c6e98d1cdbc572bbd59e4

    • SHA256

      f6b9b4d109149a7788c23795978cb0a581e2c3c82c67b6df87e5939f148f9972

    • SHA512

      9e341dc9f54bb23ab32888c33153eae79d4e04f55a220bce517afdd237ed487d744d39137cb39ffdba0e1829a4772bccfb152cb76c8847956363ec7f080c8707

    • SSDEEP

      3072:O3xF1vhTaXLw1jIgGPSv9IjrGuV+P46YgWRgZO65AKk0hEl:olhTa7ajTGPRrGuEP46Y35mKl

    Score
    10/10
    stealcdefaultcredential_accessdiscoveryspywarestealer

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks