General

  • Target

    build2.exe

  • Size

    585KB

  • Sample

    230521-tt757sdh5x

  • MD5

    cbfca6bac76bae78506b23ef0c5f2a20

  • SHA1

    ec0998d7e46b457432a4de49b3dc8330ae892254

  • SHA256

    15fedc86e87841c141b113efa635ef5b7d28f7cf906597a60354cd2d3ba85e3b

  • SHA512

    a5d1b700184e4c2412315ee092ae2086985f013c684c843e489080cd4460f020957d8e4553eff36aef58a1b83416a84cd262c448038522987fb8bf60db956375

  • SSDEEP

    12288:q5uHsKs5FNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbchFFc5cbc1cT:q5GTD+b

Malware Config

Targets

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks
