General

  • Target

    a3c20b8c564076ca4e520a99c6cd1764.exe

  • Size

    132KB

  • Sample

    220802-v4xynahdb5

  • MD5

    a3c20b8c564076ca4e520a99c6cd1764

  • SHA1

    74700468ca8ef36b4111230b786bbab78c410468

  • SHA256

    d178525a986175d484866facf95baa1573a63a1060e5a06346ee4da4932df656

  • SHA512

    0f01b1e592d73d591a34b0b6e608859df3870e8ca65c29263e01a0dc53eafd4edf2c0efcac9ddfbb37ccb706e1b577bc79eb1828f344967b6723c20eb821dfa0

Malware Config

Targets

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks