Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    18d5de366cc485f106923690a3b816e582cded05f43ccb5de5d790333b2e3656

  • Size

    1.8MB

  • Sample

    250107-n471asznf1

  • MD5

    470bf2ba833f097089f37e78c3df7f08

  • SHA1

    de37ca21bdcc7f00edcdba89be290d32bea02c28

  • SHA256

    18d5de366cc485f106923690a3b816e582cded05f43ccb5de5d790333b2e3656

  • SHA512

    528613da731aaf565693da64a3a220886d1c5b958b44b72e7afb822735899ca4dcc9ab237581c0d9245fe3a5abbdf5c8db44825f2c4fe77aa488cd8a09f806de

  • SSDEEP

    49152:rivEF0DLLjhBnEMMKMHhvGCynu3CSLkL:rivBLLnEMMKMBvGCynu3CSY

Malware Config

Extracted

Family

stealc

Botnet

brat

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php

Targets

    • Target

      18d5de366cc485f106923690a3b816e582cded05f43ccb5de5d790333b2e3656

    • Size

      1.8MB

    • MD5

      470bf2ba833f097089f37e78c3df7f08

    • SHA1

      de37ca21bdcc7f00edcdba89be290d32bea02c28

    • SHA256

      18d5de366cc485f106923690a3b816e582cded05f43ccb5de5d790333b2e3656

    • SHA512

      528613da731aaf565693da64a3a220886d1c5b958b44b72e7afb822735899ca4dcc9ab237581c0d9245fe3a5abbdf5c8db44825f2c4fe77aa488cd8a09f806de

    • SSDEEP

      49152:rivEF0DLLjhBnEMMKMHhvGCynu3CSLkL:rivBLLnEMMKMBvGCynu3CSY

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks