General

  • Target

    65ac9cfdfb1d23d082840dfea8d506a4027f16355a45315e246efab8bf81453d.exe

  • Size

    1.8MB

  • Sample

    241010-jgeysa1eqh

  • MD5

    4be96d73816475072f5f8e81d71c5886

  • SHA1

    8f7e4c9eb41c1d832dd88c6401a63bd628813885

  • SHA256

    65ac9cfdfb1d23d082840dfea8d506a4027f16355a45315e246efab8bf81453d

  • SHA512

    eb18ed7c21c5b5e7bb93e6a627bf9ef629ef3316dea0458c5bfe64033d05ee51fb56aadf276f2abec734d889ca96c79a1b641f4c3b144c0dcf2333967a506a3c

  • SSDEEP

    49152:Wrr+f8RUk2yRuR5/PUmuveEHBE5AbWsEtIilkaHMj:s+F8Y2v9B8YEtDqaHMj

Malware Config

Extracted

  • Family

    stealc

  • Botnet

    doma

  • C2

    http://185.215.113.37

  • Attributes

    url_path: /e2b1563c6670f193.php

Targets

    • Target

      65ac9cfdfb1d23d082840dfea8d506a4027f16355a45315e246efab8bf81453d.exe

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, and it can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks