
General

  • Target

    e1ad7285d9398a55b0acf4892841ec351e0b6d91601b44b7c9b8c55dac13cc69N.exe

  • Size

    1.7MB

  • Sample

    250111-lvh9gavqb1

  • MD5

    3044b99e7982c3de126391ec95494b00

  • SHA1

    5a07183899ed1b2b4f590e4df99f3622b9f7b2f9

  • SHA256

    e1ad7285d9398a55b0acf4892841ec351e0b6d91601b44b7c9b8c55dac13cc69

  • SHA512

    b78b35789b489d97257ed10f813b8781eaeefa704c02e024bf4ebc55352dea4f0b3bd295e619b65bbce77764384fe656caa3d49d7079011adf54918a1d0e46f4

  • SSDEEP

    49152:VGUwfAIwoHpythFn8dG+hYFnGLOT4yGbr8P:VY4xoHCb8dG+hYFLTeb

Malware Config

Extracted

Family

stealc

Botnet

brat

C2

http://185.215.113.206

Attributes
  • url_path

    /c4becf79229cb002.php
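
The C2 host and url_path above are the indicators a defender can act on. As an added example (not tooling from tria.ge or code from the sample), the Python filter below runs them over a few constructed proxy-log lines: an exact host-and-path match, any other contact with the C2 host, and, as an assumed generalisation of the observed 16-hex-character .php gate path on a bare IPv4 host, the same shape on other hosts. The log line layout is also an assumption for this example.

```python
"""Flag proxy-log requests that match the Stealc C2 extracted in the report.

Added example, not tooling from tria.ge. The host and path come from the
report's config; the "16 hex chars + .php on a bare IPv4 host" heuristic and
the log line layout are assumptions made for this example.
"""
import re
from urllib.parse import urlsplit

# Indicators taken from the extracted config.
STEALC_C2_HOST = "185.215.113.206"
STEALC_URL_PATH = "/c4becf79229cb002.php"

# Assumption: generalise the observed gate path shape so a rotated path on a
# new host is still caught. Requiring a bare-IP host keeps the heuristic
# narrow, since a 16-hex .php path on a normal site is not unusual by itself.
GATE_PATH_RE = re.compile(r"^/[0-9a-f]{16}\.php$")
BARE_IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Assumed log layout: "<timestamp> <client-ip> <method> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)

# Constructed sample lines: one exact IOC hit, one contact with the C2 host on
# another path, one path-pattern hit on a different bare IP, two benign lines.
SAMPLE_LOG = """\
2025-01-11T12:00:01Z 10.0.0.14 POST http://185.215.113.206/c4becf79229cb002.php 200
2025-01-11T12:00:02Z 10.0.0.14 GET http://185.215.113.206/ 200
2025-01-11T12:00:05Z 10.0.0.22 POST http://203.0.113.7/0123456789abcdef.php 200
2025-01-11T12:00:09Z 10.0.0.30 GET https://www.example.com/index.php 200
2025-01-11T12:00:11Z 10.0.0.30 GET http://198.51.100.9/index.php 404
"""


def classify(url):
    """Return the strongest verdict for one URL, or None if it is clean."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    if host == STEALC_C2_HOST and path == STEALC_URL_PATH:
        return "ioc-exact"
    if host == STEALC_C2_HOST:
        return "ioc-host"
    if BARE_IPV4_RE.match(host) and GATE_PATH_RE.match(path):
        return "pattern"
    return None


def scan(log_text):
    """Parse log lines and return the matching ones with their verdicts."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than abort the scan
        verdict = classify(m["url"])
        if verdict:
            hits.append({"client": m["client"], "url": m["url"], "verdict": verdict})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["verdict"]:10} {hit["client"]:12} {hit["url"]}')
```

The "pattern" verdict is the one to treat as a lead rather than a confirmed hit: it is derived from a single observed path, so tune it against your own traffic before alerting on it.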

Targets

    • Stealc

      Stealc is an infostealer written in C++.

    • Stealc family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops debug events for that thread from being delivered to an attached debugger, a common anti-debugging technique.
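
The four registry-based signatures above (VirtualBox ACPI keys, BIOS strings, Wine keys, Uninstall entries) all read locations a sandbox operator can inspect. As an added example, not tooling from tria.ge or code from the sample, the Python script below reads the same locations on a Windows host and reports what an infostealer running there would see. The registry paths are the well-known ones behind each signature; the list of BIOS vendor markers and the "fewer than 10 installed programs" threshold are assumptions made for this example.

```python
"""Enumerate the registry artifacts the report's signatures say the sample reads.

Added example, not tooling from tria.ge or code from the sample. Run it on a
sandbox VM to see the evidence the malware sees. The BIOS marker list and the
installed-program threshold are assumptions for this example.
"""
import sys

try:
    import winreg  # Windows only; bios_markers() and assess() are platform-neutral
except ImportError:
    winreg = None

# "Identifies VirtualBox via ACPI registry values": VirtualBox's OEM ID shows
# up as subkeys of the ACPI tables mirrored under HKLM\HARDWARE\ACPI.
VBOX_ACPI_KEYS = [
    r"HARDWARE\ACPI\DSDT\VBOX__",
    r"HARDWARE\ACPI\FADT\VBOX__",
    r"HARDWARE\ACPI\RSDT\VBOX__",
]

# "Checks BIOS information in registry": hypervisors leave vendor strings here.
BIOS_VALUES = [
    (r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    (r"HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),
    (r"HARDWARE\DESCRIPTION\System", "SystemBiosDate"),
]
VM_BIOS_MARKERS = ("VBOX", "VIRTUALBOX", "VMWARE", "QEMU", "BOCHS", "XEN", "PARALLELS")  # assumption

# "Identifies Wine through registry keys".
WINE_KEYS = [("HKCU", r"Software\Wine"), ("HKLM", r"Software\Wine")]

# "Checks installed software on the system": Uninstall entries with a DisplayName.
UNINSTALL_KEYS = [
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
]
MIN_INSTALLED_PROGRAMS = 10  # assumption: a bare sandbox image has very few entries


def bios_markers(values):
    """Return the VM vendor markers present in the BIOS strings, sorted.

    SystemBiosVersion is REG_MULTI_SZ, so an element may itself be a list.
    """
    found = set()
    for value in values:
        items = value if isinstance(value, (list, tuple)) else [value]
        for item in items:
            upper = str(item).upper()
            found.update(m for m in VM_BIOS_MARKERS if m in upper)
    return sorted(found)


def assess(acpi_hits, bios_values, wine_hits, installed_count):
    """Combine the four observations into (looks_like_sandbox, reasons)."""
    reasons = []
    if acpi_hits:
        reasons.append("VirtualBox ACPI keys: " + ", ".join(acpi_hits))
    markers = bios_markers(bios_values)
    if markers:
        reasons.append("BIOS strings mention: " + ", ".join(markers))
    if wine_hits:
        reasons.append("Wine keys: " + ", ".join(wine_hits))
    if installed_count < MIN_INSTALLED_PROGRAMS:
        reasons.append(f"only {installed_count} programs listed under Uninstall")
    return bool(reasons), reasons


def _open(root, path):
    # KEY_WOW64_64KEY avoids WOW64 redirection when run from a 32-bit interpreter.
    return winreg.OpenKey(root, path, 0, winreg.KEY_READ | winreg.KEY_WOW64_64KEY)


def collect():
    """Read the artifacts from the live registry (Windows only)."""
    roots = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}

    def key_exists(root, path):
        try:
            _open(root, path).Close()
            return True
        except OSError:
            return False

    acpi = [p for p in VBOX_ACPI_KEYS if key_exists(winreg.HKEY_LOCAL_MACHINE, p)]
    bios = []
    for path, name in BIOS_VALUES:
        try:
            with _open(winreg.HKEY_LOCAL_MACHINE, path) as k:
                bios.append(winreg.QueryValueEx(k, name)[0])
        except OSError:
            pass
    wine = [f"{r}\\{p}" for r, p in WINE_KEYS if key_exists(roots[r], p)]
    installed = 0
    for path in UNINSTALL_KEYS:
        try:
            with _open(winreg.HKEY_LOCAL_MACHINE, path) as k:
                for i in range(winreg.QueryInfoKey(k)[0]):
                    try:
                        with winreg.OpenKey(k, winreg.EnumKey(k, i)) as sub:
                            winreg.QueryValueEx(sub, "DisplayName")
                            installed += 1
                    except OSError:
                        pass  # entry without a DisplayName, or not readable
        except OSError:
            pass
    return assess(acpi, bios, wine, installed)


if __name__ == "__main__":
    if winreg is None:
        sys.exit("registry enumeration needs Windows; the helpers can still be imported")
    verdict, reasons = collect()
    print("looks like a sandbox/VM" if verdict else "no sandbox artifacts found")
    for r in reasons:
        print(" -", r)
```

If the script reports hits on an analysis VM, those are the values to patch or rename before detonating samples that carry these checks; the Wine keys and the Uninstall count are the cheap ones to fix, the ACPI table names require changing the hypervisor configuration.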

MITRE ATT&CK Enterprise v15

Tasks
