Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

RepulseExecuter.exe

windows11-21h2-x64

7

cstealer.pyc

windows11-21h2-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RepulseExecuter.exe

  • Size

    10.3MB

  • Sample

    241005-f6sdmascmc

  • MD5

    f4faa69a82d143f8eb6a35b03b1290ce

  • SHA1

    8d9afef4a89824607b501f62479fd149b995ae60

  • SHA256

    e60950c48d22951262d707a01fd5164ccafa0f37f7db68905b58088f15d6ad5a

  • SHA512

    e3d282f4cec0df9227fc933219b9dc0aaf84d9996d7f2ce1e8014fb5e4717f39ecb0738f2966ef97fda76a51fd3cc1a28f0db13aacf6d4d6abe12c1f33756188

  • SSDEEP

    196608:9VEk1CtNm+2XMCHGLLc54i1wN+ojXx5nDasqWQ2dTNUGdJP6+lmGPFQwWBHlAC7O:jEk1Ct32XMCHWUjAjx5WsqWxT9lQw8le

Score
7/10
credential_accessdiscoverypyinstallerspywarestealer

Malware Config

Targets

    • Target

      RepulseExecuter.exe

    • Size

      10.3MB

    • MD5

      f4faa69a82d143f8eb6a35b03b1290ce

    • SHA1

      8d9afef4a89824607b501f62479fd149b995ae60

    • SHA256

      e60950c48d22951262d707a01fd5164ccafa0f37f7db68905b58088f15d6ad5a

    • SHA512

      e3d282f4cec0df9227fc933219b9dc0aaf84d9996d7f2ce1e8014fb5e4717f39ecb0738f2966ef97fda76a51fd3cc1a28f0db13aacf6d4d6abe12c1f33756188

    • SSDEEP

      196608:9VEk1CtNm+2XMCHGLLc54i1wN+ojXx5nDasqWQ2dTNUGdJP6+lmGPFQwWBHlAC7O:jEk1Ct32XMCHWUjAjx5WsqWxT9lQw8le

    Score
    7/10
    credential_accessdiscoveryspywarestealer

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

    • Target

      cstealer.pyc

    • Size

      67KB

    • MD5

      952b886b60ecd894cb4d4c7148be9532

    • SHA1

      8bcab3195e8bd992c1e411ed1634498bdf790888

    • SHA256

      f30faec52d14397681a5dbb71c3f3174f14937fd212aefd16ff18bf782baa006

    • SHA512

      74ae725219f9fa240d469076fd734796e5101363c3ff410c65ad0a099153d521f991d540ddb0d41f6578ce701d0848b03826458126da675b669434dad1eba152

    • SSDEEP

      1536:gNoqOgufxjWhJl9s7bo88qLyQQOtJUYVy4ZRhen:g0NfAAbo88IkO4gy4ZRe

    Score
    3/10
    behavioral2

MITRE ATT&CK Enterprise v15

Tasks