Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
stealer.bat
-
Size
21KB
-
Sample
240823-belpjszckp
-
MD5
5cf892a9d8bee9cee2dbbe9cd4f544f8
-
SHA1
492283a598bcfe1bdc1d88b9df25cc0b7c050be9
-
SHA256
7bfd5f65d80fe137880d2f843dc5f54427e594e290724934a8a37c6a46249d2a
-
SHA512
139fb7010207280f988aac66c650fa678742f9e6ef133f4055a48849c58fd33e1e7ec9c6c2de22d13d6e283adb1d7d1be01e804fe4c18afa61a8feb8946254cb
-
SSDEEP
384:sUXCua64aB1T5nu9GYso11LqItMQz/QWtpBHKsthsdnXoYGjwBF10FrFRn1xZY6c:Uu7pHwIDw1LqItMQz/QWtpBHKsthsdnP
Malware Config
Targets
-
-
Target
stealer.bat
-
Size
21KB
-
MD5
5cf892a9d8bee9cee2dbbe9cd4f544f8
-
SHA1
492283a598bcfe1bdc1d88b9df25cc0b7c050be9
-
SHA256
7bfd5f65d80fe137880d2f843dc5f54427e594e290724934a8a37c6a46249d2a
-
SHA512
139fb7010207280f988aac66c650fa678742f9e6ef133f4055a48849c58fd33e1e7ec9c6c2de22d13d6e283adb1d7d1be01e804fe4c18afa61a8feb8946254cb
-
SSDEEP
384:sUXCua64aB1T5nu9GYso11LqItMQz/QWtpBHKsthsdnXoYGjwBF10FrFRn1xZY6c:Uu7pHwIDw1LqItMQz/QWtpBHKsthsdnP
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Blocklisted process makes network request
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1