General

  • Target

    a693827d725fbe45e3b42813c281f9e2390af7cb21e06a6d8058923917104efd.exe

  • Size

    1.8MB

  • Sample

    240928-b4ebrssfqc

  • MD5

    3fba342adc9a795c9c5f64b00ce01b74

  • SHA1

    14378e009a4f05fe71df1600dd975d80201ec994

  • SHA256

    a693827d725fbe45e3b42813c281f9e2390af7cb21e06a6d8058923917104efd

  • SHA512

    2729e5ad7763677526d0088abd74406fced6ee7caec5c8774ded57a7528f413c62801ee59030b69cf55aa30b2644d481ebf0af117e9b7e7a36f961bf8c414e93

  • SSDEEP

    24576:K8Ddwv5HafrA7siBwe6uiRkf9tefcy3v0tD4bAXnd7TTv2Z+FNVhrz/TlUyz0jFp:K/FaEoiBXj1G3cZ4C2Y1hrllz0yqhSK

Malware Config

Extracted

Family

stealc

Botnet

save

C2

http://185.215.113.37

Attributes

  • url_path

    /e2b1563c6670f193.php

Targets

    • Target

      a693827d725fbe45e3b42813c281f9e2390af7cb21e06a6d8058923917104efd.exe

    • Size

      1.8MB

    • MD5

      3fba342adc9a795c9c5f64b00ce01b74

    • SHA1

      14378e009a4f05fe71df1600dd975d80201ec994

    • SHA256

      a693827d725fbe45e3b42813c281f9e2390af7cb21e06a6d8058923917104efd

    • SHA512

      2729e5ad7763677526d0088abd74406fced6ee7caec5c8774ded57a7528f413c62801ee59030b69cf55aa30b2644d481ebf0af117e9b7e7a36f961bf8c414e93

    • SSDEEP

      24576:K8Ddwv5HafrA7siBwe6uiRkf9tefcy3v0tD4bAXnd7TTv2Z+FNVhrz/TlUyz0jFp:K/FaEoiBXj1G3cZ4C2Y1hrllz0yqhSK

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks