General
Target: SecuriteInfo.com.Win32.PWSX-gen.22789.exe
Size: 788KB
Sample: 220919-p33vmaddej
MD5: dac9ddfbf75bd8ddda349414e66db972
SHA1: 2b9069eea5a71be7bcacda31830174ef6364ea2c
SHA256: 430a9487d85e5998d134ca3a890e0c6ff86101264d1fc4ae869953fac0755c3e
SHA512: a66c0454aa430ff27765a79dfcae7c5903d3ff7928d54e68cbc51287583027b45beb9612fd7f9cf2d10801adf418c08dac0a9da0d82d725b75f44077334756c4
SSDEEP: 6144:x5+DIIVITsctz2d1vtvLcUFCkkX6SgS1y9uWnK14susBUaPNLL7+5QQk+orNLJlO:x4kIVczM1fPkr1e9BsXBLyuQX8nDO/
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Win32.PWSX-gen.22789.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Win32.PWSX-gen.22789.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: blustealer
Exfiltration endpoint (Telegram Bot API): https://api.telegram.org/bot5415235188:AAGqakDD6FZcw5LLX6hH5qVayV-1OGURlEo/sendMessage?chat_id=1372472614
The URL embeds the operator's bot token (the part after /bot, in the form <numeric id>:<secret>) and the destination chat_id (1372472614). Those two values are the reusable indicators; the host api.telegram.org alone is shared with legitimate traffic and should not be blocked or alerted on by itself.
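As an added example (not part of the Triage report or the sample's code), the following Python parses the extracted Telegram Bot API URL into its bot id, token and chat_id, then matches proxy log lines against it. It goes beyond the single extracted URL: any Telegram bot call from a client is reported, with hits on the token from this config tagged as blustealer and other tokens tagged for triage. The proxy log format and its lines are constructed for the example; only the first URL comes from the report.

```python
"""Parse the Telegram bot exfiltration URL from the extracted config and match
proxy log lines against it. Added example; the log lines below are constructed."""
import re
from urllib.parse import parse_qs, urlsplit

# The exfiltration URL extracted from the sample's config (taken from the report).
BLUSTEALER_C2 = (
    "https://api.telegram.org/bot5415235188:AAGqakDD6FZcw5LLX6hH5qVayV-1OGURlEo"
    "/sendMessage?chat_id=1372472614"
)

# Telegram Bot API paths have the form /bot<numeric id>:<secret>/<method>.
_BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)$"
)


def parse_telegram_bot_url(url):
    """Return {'bot_id', 'token', 'method', 'chat_id'} for a Telegram Bot API URL,
    or None if the URL is not a bot API call."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname != "api.telegram.org":
        return None
    m = _BOT_PATH.match(parts.path)
    if not m:
        return None
    chat_id = parse_qs(parts.query).get("chat_id", [None])[0]
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "chat_id": chat_id,
    }


# Indicators derived from the extracted config.
KNOWN_C2 = parse_telegram_bot_url(BLUSTEALER_C2)

# Constructed proxy log, format: "<timestamp> <client ip> <method> <url> <status>".
# Line 2 reuses the report's URL; line 3 carries a made-up bot token.
SAMPLE_PROXY_LOG = """\
2022-09-19T15:03:11Z 10.0.0.23 GET https://www.microsoft.com/ 200
2022-09-19T15:03:18Z 10.0.0.23 POST https://api.telegram.org/bot5415235188:AAGqakDD6FZcw5LLX6hH5qVayV-1OGURlEo/sendMessage?chat_id=1372472614 200
2022-09-19T15:04:02Z 10.0.0.41 POST https://api.telegram.org/bot1234567890:ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghi/sendDocument?chat_id=42 200
2022-09-19T15:04:30Z 10.0.0.41 GET https://telegram.org/ 200
"""


def scan_proxy_log(text):
    """Return one finding per Telegram Bot API request in the log.

    A request using the token from the extracted config is tagged 'blustealer';
    any other bot token is tagged 'unknown-bot' so an analyst can triage it,
    because bot API calls from workstations are rare and the same channel can be
    reused with a different token."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # malformed or unexpected line; skip rather than guess
        ts, client, _method, url, _status = fields
        info = parse_telegram_bot_url(url)
        if info is None:
            continue
        verdict = "blustealer" if info["token"] == KNOWN_C2["token"] else "unknown-bot"
        findings.append({"time": ts, "client": client, "verdict": verdict, **info})
    return findings


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{hit['time']} {hit['client']} {hit['verdict']} "
              f"bot_id={hit['bot_id']} chat_id={hit['chat_id']} method={hit['method']}")
```

The match is on the full token rather than on api.telegram.org, since the host also serves legitimate bots; blocking the host outright would break those while the operator can simply register a new token.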
Targets
Target: SecuriteInfo.com.Win32.PWSX-gen.22789.exe (788KB; hashes as listed under General)
Score: 10/10
Signatures
- StormKitty payload. The config extractor labels the sample blustealer while this signature matches StormKitty; treat the family name as tentative until the unpacked payload has been examined.
- Accesses Microsoft Outlook profiles. Reads stored Outlook mail account profiles, consistent with credential theft.
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP; the service contacted is not named in this report.
- Suspicious use of SetThreadContext. This API is typically used to redirect the main thread of a suspended process to injected code (process hollowing), so the stealer payload may execute under a process other than the sample itself.