General

  • Target

    doc 20220726 009910 984993.pdf.exe

  • Size

    900KB

  • Sample

    220801-jsn1tsfcgk

  • MD5

    e5bccfe4fba287ecb2d35ae166de15c8

  • SHA1

    c308ec8b89f71d5816810ae55780152c255a1914

  • SHA256

    3082e3092bb33be6fe12afd5df501b83b82c0f6046e4ef0f60bfb2cd3291c002

  • SHA512

    07bd84ca40611f94b4c32f610a28e18c3c52639b67865bdfee98699afb2b14305da5b2e3d7115481b313a1de91f683fe2cb4997d7f2d6c9e7ac4e978baf8631a

Malware Config

Targets

    • BluStealer

      A modular information stealer written in Visual Basic.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks