Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    file.exe

  • Size

    1.7MB

  • Sample

    240912-bjxydatbqh

  • MD5

    582c09e30698672fd833e6e6c0dc506e

  • SHA1

    37dafeb7ea62e155ff3f2d47f84011b24ef8ba2b

  • SHA256

    99e3eaac03d77c6b24ebd5a17326ba051788d58f1f1d4aa6871310419a85d8af

  • SHA512

    495525e62560e397c0bef9c7f17358c08547c34930e772c8e59476ec50b7196eac28a0cbba83d0d90ebcc4282e210e0d140292cf4bfd52262cba45e2a9d6a1c9

  • SSDEEP

    49152:31U0cR91UH/HfSve4TthkZ71pGjYgvsiX+xmc5Q:FUXR91UH/KvXTPkDYc+sQl

Malware Config

Extracted

Family

stealc

Botnet

rave

C2

http://185.215.113.103

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Target

      file.exe

    • Size

      1.7MB

    • MD5

      582c09e30698672fd833e6e6c0dc506e

    • SHA1

      37dafeb7ea62e155ff3f2d47f84011b24ef8ba2b

    • SHA256

      99e3eaac03d77c6b24ebd5a17326ba051788d58f1f1d4aa6871310419a85d8af

    • SHA512

      495525e62560e397c0bef9c7f17358c08547c34930e772c8e59476ec50b7196eac28a0cbba83d0d90ebcc4282e210e0d140292cf4bfd52262cba45e2a9d6a1c9

    • SSDEEP

      49152:31U0cR91UH/HfSve4TthkZ71pGjYgvsiX+xmc5Q:FUXR91UH/KvXTPkDYc+sQl

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks