General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.22789.exe

  • Size

    788KB

  • Sample

    220919-p33vmaddej

  • MD5

    dac9ddfbf75bd8ddda349414e66db972

  • SHA1

    2b9069eea5a71be7bcacda31830174ef6364ea2c

  • SHA256

    430a9487d85e5998d134ca3a890e0c6ff86101264d1fc4ae869953fac0755c3e

  • SHA512

    a66c0454aa430ff27765a79dfcae7c5903d3ff7928d54e68cbc51287583027b45beb9612fd7f9cf2d10801adf418c08dac0a9da0d82d725b75f44077334756c4

  • SSDEEP

    6144:x5+DIIVITsctz2d1vtvLcUFCkkX6SgS1y9uWnK14susBUaPNLL7+5QQk+orNLJlO:x4kIVczM1fPkr1e9BsXBLyuQX8nDO/

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5415235188:AAGqakDD6FZcw5LLX6hH5qVayV-1OGURlEo/sendMessage?chat_id=1372472614

Targets

    • BluStealer

      A modular information stealer written in Visual Basic.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
