Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    9a30602027dae451db62a56ec35407da31fd3c906e043784fc8e07787689eb39.exe

  • Size

    1.8MB

  • Sample

    241018-cqzafs1cna

  • MD5

    b4b42d42e8416be5a8e8a82128fa5b7d

  • SHA1

    afaa0dab7641ef5398cfbdf46cc3acc5f1cf4c81

  • SHA256

    9a30602027dae451db62a56ec35407da31fd3c906e043784fc8e07787689eb39

  • SHA512

    1d2a0a34c30444ab02081ef00388aea4eb8116d03d5945190f047b1dab6303950c6e7e49e6f536d746890fb43a2c55e248f5d757adee234437af16ac49974fe2

  • SSDEEP

    49152:AwrTJ3mlwFh5zs6aAgui4TllbQ51wdg5M+RK3xtxl:AwrV3m+Ff0ARlr02g/Grxl

Malware Config

Extracted

Family

stealc

Botnet

doma

C2

http://185.215.113.37

Attributes
  • url_path

    /e2b1563c6670f193.php

Targets

    • Target

      9a30602027dae451db62a56ec35407da31fd3c906e043784fc8e07787689eb39.exe

    • Size

      1.8MB

    • MD5

      b4b42d42e8416be5a8e8a82128fa5b7d

    • SHA1

      afaa0dab7641ef5398cfbdf46cc3acc5f1cf4c81

    • SHA256

      9a30602027dae451db62a56ec35407da31fd3c906e043784fc8e07787689eb39

    • SHA512

      1d2a0a34c30444ab02081ef00388aea4eb8116d03d5945190f047b1dab6303950c6e7e49e6f536d746890fb43a2c55e248f5d757adee234437af16ac49974fe2

    • SSDEEP

      49152:AwrTJ3mlwFh5zs6aAgui4TllbQ51wdg5M+RK3xtxl:AwrV3m+Ff0ARlr02g/Grxl

    • Stealc

      Stealc is an infostealer written in C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks