General

  • Target

    PO 7500093232.exe

  • Size

    482KB

  • Sample

    220801-zaq1gagfh2

  • MD5

    832efb6bf9f508ebb2c41257fadcc300

  • SHA1

    1e8667e1561c3411f42f98c494dcc99be36d6d6a

  • SHA256

    f9bc0d5860d6135dab48b897e55465d88ebd0ca9b73ebdbaf83957d6e3bee26f

  • SHA512

    f866c97b78b006891b34b5afa8f0d3e3a8bf0e7033ab8970e142427e2611f07127fb3661bec26d43e0f68aa9e19aa8932adc2fb296cf1cdfdd85dd2b72eb30ea

Malware Config

Targets

    • BluStealer

      A modular information stealer written in Visual Basic.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Downloads MZ/PE file

    • Drops startup file

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks