Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    56afc3a4d1976c141a65895d5fb4e6fc5756a593cf97d234626f8107ad2141d5

  • Size

    326KB

  • Sample

    240930-fn4zpsyhjp

  • MD5

    7bd092de7377de68b4f563563b616b10

  • SHA1

    5bccfe4bbc92f7f7c535c75e5c345c8c6cd56f02

  • SHA256

    56afc3a4d1976c141a65895d5fb4e6fc5756a593cf97d234626f8107ad2141d5

  • SHA512

    ae610593911053c6d24ce92adea19b3faa44d385fa9c97ba060626fa7d5f00cb65affce239f21b34a02f31282754857b3b40351dc185e55158ea49026a839cd4

  • SSDEEP

    6144:4xqtQERKoOzkzPdM6grTH06m/cr1DfBDIplsdyS38hYjpWO5yEO:NydZozPdMH/U6mkr5fd4mdbMcTEEO

Malware Config

Extracted

Family

stealc

Botnet

default

C2

http://46.8.231.109

Attributes
  • url_path

    /c4754d4f680ead72.php

Extracted

Family

vidar

Version

11

Botnet

a669a86f8433a1e88901711c0f772c97

C2

https://t.me/jamsemlg

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Extracted

Family

lumma

Extracted

Family

lumma

C2

https://possiwreeste.site/api

https://underlinemdsj.site/api

https://chaptermusu.store/api

Targets

    • Target

      56afc3a4d1976c141a65895d5fb4e6fc5756a593cf97d234626f8107ad2141d5

    • Size

      326KB

    • MD5

      7bd092de7377de68b4f563563b616b10

    • SHA1

      5bccfe4bbc92f7f7c535c75e5c345c8c6cd56f02

    • SHA256

      56afc3a4d1976c141a65895d5fb4e6fc5756a593cf97d234626f8107ad2141d5

    • SHA512

      ae610593911053c6d24ce92adea19b3faa44d385fa9c97ba060626fa7d5f00cb65affce239f21b34a02f31282754857b3b40351dc185e55158ea49026a839cd4

    • SSDEEP

      6144:4xqtQERKoOzkzPdM6grTH06m/cr1DfBDIplsdyS38hYjpWO5yEO:NydZozPdMH/U6mkr5fd4mdbMcTEEO

    • Detect Vidar Stealer

    • Lumma Stealer, LummaC

      Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    • Stealc

      Stealc is an infostealer written in C++.

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.