General

  • Target

    5202f99baf32bd7c0df659637b99cfbd53f7bd3d171ecf61529fec4daf7e71b4N

  • Size

    1.8MB

  • Sample

    240927-psvq9ssglj

  • MD5

    d373b4b79df48249752714876f9ca220

  • SHA1

    b3a700f70e22287aed6a8e218ff239b77a70b461

  • SHA256

    5202f99baf32bd7c0df659637b99cfbd53f7bd3d171ecf61529fec4daf7e71b4

  • SHA512

    3f240ee9a05180166d445ab4aeb6be8aec6e27116a7576688bcef0dd5dec0cab483283040bb2d6015e9e537226cbac6a5e151d18efe638dfbc03109c288e246a

  • SSDEEP

    49152:6wRBGfPzvA9Id6hSmZVsQvsW77p0q2zHnz16:qzo9Id6hSUVvVPpb2zHnz1

Malware Config

Extracted

Family

stealc

Botnet

save

C2

http://185.215.113.37

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger