Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    241017-vqf3zswcqg

  • MD5

    52da2906c78bc9840cf933c8bcbf351a

  • SHA1

    92df58073f14470dc06759af4fec2e9f4c8204ce

  • SHA256

    dcb3603ec608359cad55552387cd857560e3bf9a3b0f0a9b94cc02f569ba314d

  • SHA512

    aa7e4015715e154702a74c4b54ce6a477ae4e5c7281022c7aae00e284079c3b5606098125da1895de7b873b5b7ea07fda2988c2e1f9d5731cce8993851db4da9

  • SSDEEP

    49152:c2G2GqZJgjovG8BQmVswkY/aqhxnSWp3Fw0d4VPMCsve:M2JKovsKakFSkmNPB4e

Malware Config

Extracted

Family

stealc

Botnet

doma

C2

http://185.215.113.37

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Target

      file.exe

    • Size

      1.8MB

    • MD5

      52da2906c78bc9840cf933c8bcbf351a

    • SHA1

      92df58073f14470dc06759af4fec2e9f4c8204ce

    • SHA256

      dcb3603ec608359cad55552387cd857560e3bf9a3b0f0a9b94cc02f569ba314d

    • SHA512

      aa7e4015715e154702a74c4b54ce6a477ae4e5c7281022c7aae00e284079c3b5606098125da1895de7b873b5b7ea07fda2988c2e1f9d5731cce8993851db4da9

    • SSDEEP

      49152:c2G2GqZJgjovG8BQmVswkY/aqhxnSWp3Fw0d4VPMCsve:M2JKovsKakFSkmNPB4e

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks