Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    dd23da89c16021f9023572cd0a28e37bb39281f6c7cb76fba9ab8cc50953242d

  • Size

    2.1MB

  • Sample

    241113-xth3vsxhjj

  • MD5

    e86188145d31f5f02de6e4f266051cac

  • SHA1

    3b8999b7c342476b4afa89265f9af7ce7caa8755

  • SHA256

    dd23da89c16021f9023572cd0a28e37bb39281f6c7cb76fba9ab8cc50953242d

  • SHA512

    c4554e3f03824c53bc43051b466b19887784a1367f6e36a694736657c0b42cf9273fab816fbdc440d0fd12d697a1b6f0d03b1f8d5544f284546fadd5341e2411

  • SSDEEP

    49152:AuzZukYwVYpz8+bauyqAB9arZ6yUrx8FJ1xa9js3N:K1wV4agA6rZrUKJi9j+N

Malware Config

Extracted

Family

stealc

Botnet

tale

C2

http://185.215.113.206

Attributes
  • url_path

    /6c4adf523b719729.php

Targets

    • Target

      dd23da89c16021f9023572cd0a28e37bb39281f6c7cb76fba9ab8cc50953242d

    • Size

      2.1MB

    • MD5

      e86188145d31f5f02de6e4f266051cac

    • SHA1

      3b8999b7c342476b4afa89265f9af7ce7caa8755

    • SHA256

      dd23da89c16021f9023572cd0a28e37bb39281f6c7cb76fba9ab8cc50953242d

    • SHA512

      c4554e3f03824c53bc43051b466b19887784a1367f6e36a694736657c0b42cf9273fab816fbdc440d0fd12d697a1b6f0d03b1f8d5544f284546fadd5341e2411

    • SSDEEP

      49152:AuzZukYwVYpz8+bauyqAB9arZ6yUrx8FJ1xa9js3N:K1wV4agA6rZrUKJi9j+N

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.