Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    1YPQZ_file.exe

  • Size

    1.7MB

  • Sample

    241014-qh36bsxbnb

  • MD5

    9e3d0de4343652353b07267361f520ea

  • SHA1

    9a9a89627db72493bae3ee93147d939e23619a74

  • SHA256

    a54efb68df3b1a8efca221079a0feb4f0726becb209b062e9eb832c36bd18393

  • SHA512

    1b236354452848a243a0087e56ebf67c117beefa66ab3bd1cdafc7758b2b5190162f2588ff16f4d7f4ac143b4e290d13089b69bb75f88094aa607701c7597413

  • SSDEEP

    49152:JYchSrfptMpJHAeq1b4HddPKUtwgAzMnQCKQCvf:HSrfoHAe1wgQwQ3f

Malware Config

Extracted

Family

stealc

Botnet

doma

C2

http://185.215.113.37

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Target

      1YPQZ_file.exe

    • Size

      1.7MB

    • MD5

      9e3d0de4343652353b07267361f520ea

    • SHA1

      9a9a89627db72493bae3ee93147d939e23619a74

    • SHA256

      a54efb68df3b1a8efca221079a0feb4f0726becb209b062e9eb832c36bd18393

    • SHA512

      1b236354452848a243a0087e56ebf67c117beefa66ab3bd1cdafc7758b2b5190162f2588ff16f4d7f4ac143b4e290d13089b69bb75f88094aa607701c7597413

    • SSDEEP

      49152:JYchSrfptMpJHAeq1b4HddPKUtwgAzMnQCKQCvf:HSrfoHAe1wgQwQ3f

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks