General

  • Target

    58c8b96f74e495aa91d309ff315b77b1

  • Size

    251KB

  • Sample

    220802-zd5yssahc7

  • MD5

    58c8b96f74e495aa91d309ff315b77b1

  • SHA1

    b5c28834680d88d91fcbeff73da4fdb41ee26246

  • SHA256

    7ef5048ef8956ea47d94d2498c6bba66c7c33dbc8e2f5ed4d879ea96af30b682

  • SHA512

    afe4bb0da0d4108f66351f218d4d58a067ce1a990fd5214e0ad405456781e17f2a997fcb4723dab6cfcae9597fc0a438cbc1e1e2ccc6dd5750e53f840116d8b3

Malware Config

Targets

    • Target

      PO 7500093232.exe

    • Size

      482KB

    • MD5

      832efb6bf9f508ebb2c41257fadcc300

    • SHA1

      1e8667e1561c3411f42f98c494dcc99be36d6d6a

    • SHA256

      f9bc0d5860d6135dab48b897e55465d88ebd0ca9b73ebdbaf83957d6e3bee26f

    • SHA512

      f866c97b78b006891b34b5afa8f0d3e3a8bf0e7033ab8970e142427e2611f07127fb3661bec26d43e0f68aa9e19aa8932adc2fb296cf1cdfdd85dd2b72eb30ea

    • BluStealer

      A modular information stealer written in Visual Basic.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Downloads MZ/PE file

    • Drops startup file

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks