General

  • Target: 3bc752d2803f660c3216bcfa6fcd3cfb03b21b8753d4bec32f4e679af854028aN
  • Size: 502KB
  • Sample: 241009-hx2baawcmd
  • MD5: f06e4aeb68de3502871c2899e96cd410
  • SHA1: 2caf84657845bfe75b60f83f9fa01d1212f8670b
  • SHA256: 3bc752d2803f660c3216bcfa6fcd3cfb03b21b8753d4bec32f4e679af854028a
  • SHA512: cc5b94c108300b8eedbdff51d6849683d7ece59c91a6daf2afaeddcb0b8d2cdf214c0bb6751ba158ebdbc3a7cde811eff225947728493c17c61ee87ebae6ced3
  • SSDEEP: 12288:EK2bpydeHVFhfXu7UG/SPbc7Rb9CdNGZrKC:EKIydidXfGKwRofGVb

Malware Config (extracted)

  • Family: stealc
  • Botnet: default
  • C2: http://46.8.231.109
  • Attributes
    • url_path: /c4754d4f680ead72.php

Targets

    • Target: 3bc752d2803f660c3216bcfa6fcd3cfb03b21b8753d4bec32f4e679af854028aN


    • Stealc
      Stealc is an infostealer written in C++.
    • Downloads MZ/PE file
    • Unsecured Credentials: Credentials In Files
      Steal credentials from unsecured files.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks