Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
R6 Script.rar
-
Size
111KB
-
Sample
241027-1x98astdjg
-
MD5
064db67a423e95cf104cf0cbd949f97f
-
SHA1
c94d4ad7d69c14f783db28448657d5a3e8e75c44
-
SHA256
9996b7ab1211684a1d7e32ba542db3332a8fdcef65d2c3e2cc03ff05062cfdd4
-
SHA512
8cb49e6872cfefa1926d848716cf6a70ac734914e8d55c2b22ea766929b835b5ae841b78944c4c95ff4c03ca04a4180313cc2e5fdf7b7d97ab215511f01c6c1e
-
SSDEEP
1536:8kHBBKJHJXYxchWFWw0Jtrci5f9a0Svdv40nocUyufW0yklTGRSpRJTHomGUbFeZ:G+yhsgIcfdSVv4yK3XyksRKwmPeZ
Static task
static1
Behavioral task
behavioral1
Sample
R6 Script.rar
Resource
win11-20241007-en
Malware Config
Extracted
stealc
game
https://t.me/gygqrajjsa
-
url_path
/383ccd496f3c5eee.php
Targets
-
-
Target
R6 Script.rar
-
Size
111KB
-
MD5
064db67a423e95cf104cf0cbd949f97f
-
SHA1
c94d4ad7d69c14f783db28448657d5a3e8e75c44
-
SHA256
9996b7ab1211684a1d7e32ba542db3332a8fdcef65d2c3e2cc03ff05062cfdd4
-
SHA512
8cb49e6872cfefa1926d848716cf6a70ac734914e8d55c2b22ea766929b835b5ae841b78944c4c95ff4c03ca04a4180313cc2e5fdf7b7d97ab215511f01c6c1e
-
SSDEEP
1536:8kHBBKJHJXYxchWFWw0Jtrci5f9a0Svdv40nocUyufW0yklTGRSpRJTHomGUbFeZ:G+yhsgIcfdSVv4yK3XyksRKwmPeZ
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
4