Site notice (Windows 7 deprecation): Windows 7 will be removed from tria.ge on 2025-03-31.
General
- Target: 07f591a17c73af012377a73b06a11b66.exe
- Size: 344KB
- Sample: 241025-2wm7tatmfz
- MD5: 07f591a17c73af012377a73b06a11b66
- SHA1: c3479c3c66b82a3840fd71b0a7f12722ff0e1409
- SHA256: 2fdf8af0479059cbd78914ef60be72d7c4527ceb3e893304d350a8b6dc9bd9bc
- SHA512: a7f3b85620b55b7bc40b9e6313b7ab326c9d9979677e1414224b8b5a9c9ab2365449fb84272efbd59308c2ee0b29fe1535e5bfd721f223cfd975d439d27c79b8
- SSDEEP: 6144:/g1VWTJplmO0AiK9/GMSGFoF8lPIS4AiXNV65UGDz:MVWTl7VRP5FS43kXr65UGD
Static task: static1
Behavioral task: behavioral1 (sample 07f591a17c73af012377a73b06a11b66.exe, resource win7-20240903-en)
Behavioral task: behavioral2 (sample 07f591a17c73af012377a73b06a11b66.exe, resource win10v2004-20241007-en)
Malware Config
Extracted
- Family: stealc
- Botnet: default9_cap
- C2: http://62.204.41.177
- url_path: /edd20096ecef326d.php
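The extracted config gives the C2 host and the gate path separately; the full gate URL is the host joined with url_path. The following is an added example, not part of the tria.ge report or the Stealc code itself, showing how to turn those two values into network indicators and run them over proxy log lines. The log lines are constructed here for illustration; the only values taken from the report are the C2 host and url_path. Because the config carries no explicit port, the matcher ignores the port and keys on host plus path, and it separately flags any other request to the C2 host (the report notes the sample also downloads a PE file, whose URL is not given here).

```python
"""Match Stealc C2 indicators from an extracted config against proxy logs."""
from urllib.parse import urljoin, urlparse

# Values copied from the Malware Config section of this report.
C2_BASE = "http://62.204.41.177"
C2_URL_PATH = "/edd20096ecef326d.php"


def c2_indicators(base=C2_BASE, url_path=C2_URL_PATH):
    """Normalise the extracted config into the fields a detection rule keys on."""
    full_url = urljoin(base, url_path)
    u = urlparse(full_url)
    return {
        "url": full_url,
        "host": u.hostname,
        "port": u.port or (443 if u.scheme == "https" else 80),
        "path": u.path,
    }


# Constructed proxy log lines (illustrative, not from the report).
# Format: "<client-ip> <method> <url> <status>".
CONSTRUCTED_PROXY_LOG = """\
10.0.0.12 POST http://62.204.41.177/edd20096ecef326d.php 200
10.0.0.12 GET http://62.204.41.177/bin/update.exe 200
10.0.0.33 GET http://example.com/index.php 200
10.0.0.45 POST http://62.204.41.177:8080/edd20096ecef326d.php 404
10.0.0.50 GET http://62.204.41.178/edd20096ecef326d.php 200
""".splitlines()


def classify(line, ind):
    """Return 'c2-gate' for a host+path hit on the extracted gate,
    'c2-host' for any other request to the C2 host, or None.
    The port is deliberately not compared: the config does not state one."""
    parts = line.split()
    if len(parts) != 4:
        return None  # malformed line, skip rather than crash the scan
    _client, _method, url, _status = parts
    u = urlparse(url)
    if u.hostname != ind["host"]:
        return None
    if u.path == ind["path"]:
        return "c2-gate"
    return "c2-host"


def scan(lines, ind=None):
    """Return (client_ip, verdict, url) for every line that matches an indicator."""
    ind = ind or c2_indicators()
    hits = []
    for line in lines:
        verdict = classify(line, ind)
        if verdict:
            client, _method, url, _status = line.split()
            hits.append((client, verdict, url))
    return hits


if __name__ == "__main__":
    for client, verdict, url in scan(CONSTRUCTED_PROXY_LOG):
        print(f"{verdict:8} {client:12} {url}")
```

A host-only hit ("c2-host") is lower confidence than a gate hit, since the IP may serve unrelated content, but on a host already known from this config it is worth reviewing: a GET for an executable from it is consistent with the "Downloads MZ/PE file" behaviour listed below. Note that the sample's geofence check may make it exit before any beacon in some environments, so absence of a gate hit on a single host is not proof the sample did not run.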
Targets
- Target: 07f591a17c73af012377a73b06a11b66.exe (344KB; MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the General section above)
Signatures
- Stealc family
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence. A geofenced sample may exit early in an environment whose locale is on its exclusion list, so compare the two behavioral tasks before concluding it is inert.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
MITRE ATT&CK Enterprise v15
Tactic             Technique                                  Sub-technique                              Count
Credential Access  Credentials from Password Stores (T1555)   Credentials from Web Browsers (T1555.003)  1
Credential Access  Unsecured Credentials (T1552)              Credentials In Files (T1552.001)           4