General

  • Target

    21381b405bbb2d1ac38f1d908e0dc8a399fb2401d2ed1c1a300a2144626f9add.exe

  • Size

    2.8MB

  • Sample

    240821-bncs1ashme

  • MD5

    993f5fdf3bd55f35661293167e39649a

  • SHA1

    4dca34fd078faf357dbfb56181e2dbbaca2ae9d6

  • SHA256

    21381b405bbb2d1ac38f1d908e0dc8a399fb2401d2ed1c1a300a2144626f9add

  • SHA512

    04894447773cccabaeeb7c05599eab586376f54d3a9a482f21b3fa79b969e969e29bf5f2c55a36e4bdd433f763ed97926a632cd6b7d6ceead0ee75684b975f59

  • SSDEEP

    49152:+qaUDr+obxLq3iaBwdxiMaxx1buynNoTugnzq3bZvTFTSXedTUDoCFRbH:1i3x13n+TuKz8bZv8XedyouRbH

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://193.176.190.41

Attributes

  • url_path

    /2fa883eebd632382.php

Targets

    • Target

      21381b405bbb2d1ac38f1d908e0dc8a399fb2401d2ed1c1a300a2144626f9add.exe

    • Size

      2.8MB

    • MD5

      993f5fdf3bd55f35661293167e39649a

    • SHA1

      4dca34fd078faf357dbfb56181e2dbbaca2ae9d6

    • SHA256

      21381b405bbb2d1ac38f1d908e0dc8a399fb2401d2ed1c1a300a2144626f9add

    • SHA512

      04894447773cccabaeeb7c05599eab586376f54d3a9a482f21b3fa79b969e969e29bf5f2c55a36e4bdd433f763ed97926a632cd6b7d6ceead0ee75684b975f59

    • SSDEEP

      49152:+qaUDr+obxLq3iaBwdxiMaxx1buynNoTugnzq3bZvTFTSXedTUDoCFRbH:1i3x13n+TuKz8bZv8XedyouRbH

    • Stealc

      Stealc is an infostealer written in C++.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks