General

  • Target

    a64c16946bf03bfa2c52aba4dd0b55cc.exe

  • Size

    136KB

  • Sample

    220727-zh7yysdbb4

  • MD5

    a64c16946bf03bfa2c52aba4dd0b55cc

  • SHA1

    7e048b042f7eee728bbac2720716bae32c9a236a

  • SHA256

    07596ca20b3e197f4e03f9a88cd163ddeff5b6f521df937ffb1e0ef9746a78b6

  • SHA512

    0289c12d8b8b4af7dca30cf862f252a14698a17dbf7d2b71eb941ec72b3eb5bc72a1c034eb4c19720ee04a943af7183758d08c9bb7abfdb224cee31b12d9921d

Malware Config

Targets

    • StormKitty

      StormKitty is an open-source information stealer written in C#.

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks