General

  • Target

    stealer.bat

  • Size

    21KB

  • Sample

    240823-belpjszckp

  • MD5

    5cf892a9d8bee9cee2dbbe9cd4f544f8

  • SHA1

    492283a598bcfe1bdc1d88b9df25cc0b7c050be9

  • SHA256

    7bfd5f65d80fe137880d2f843dc5f54427e594e290724934a8a37c6a46249d2a

  • SHA512

    139fb7010207280f988aac66c650fa678742f9e6ef133f4055a48849c58fd33e1e7ec9c6c2de22d13d6e283adb1d7d1be01e804fe4c18afa61a8feb8946254cb

  • SSDEEP

    384:sUXCua64aB1T5nu9GYso11LqItMQz/QWtpBHKsthsdnXoYGjwBF10FrFRn1xZY6c:Uu7pHwIDw1LqItMQz/QWtpBHKsthsdnP

Malware Config

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Blocklisted process makes network request

    • Sets file to hidden

      Modifies file attributes so the file is not displayed in Explorer and similar file browsers.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks