General

  • Target

    build2.exe

  • Size

    585KB

  • Sample

    230521-tt757sdh5x

  • MD5

    cbfca6bac76bae78506b23ef0c5f2a20

  • SHA1

    ec0998d7e46b457432a4de49b3dc8330ae892254

  • SHA256

    15fedc86e87841c141b113efa635ef5b7d28f7cf906597a60354cd2d3ba85e3b

  • SHA512

    a5d1b700184e4c2412315ee092ae2086985f013c684c843e489080cd4460f020957d8e4553eff36aef58a1b83416a84cd262c448038522987fb8bf60db956375

  • SSDEEP

    12288:q5uHsKs5FNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbchFFc5cbc1cT:q5GTD+b

Malware Config

Targets

    • Target

      build2.exe

    • StormKitty

      StormKitty is an open-source information stealer written in C#.

    • StormKitty payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials, cookies and form autofill entries.

    • Adds Run key to start application
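The three registry and file behaviours above (country-code lookup, browser profile access, Run key persistence) can be turned into simple detection logic. The following is an added example and not code from the Triage report or from StormKitty: it scans a constructed, Sysmon-style process trace for those behaviours and reports processes that trigger several of them together. The trace format (`<timestamp> <pid> <image> <op> <path>[ = <data>]`), the process ID, the dropped file name and the Run value name are all made up for the example; the registry path `HKCU\Control Panel\International\Geo` is assumed to be what the "Checks computer location settings" signature keys on.

```python
"""Added example (not from the Triage report): flag the registry and browser
behaviours the report lists, in a constructed Sysmon-style process trace."""
import re
from dataclasses import dataclass

# Constructed trace lines for the example, not real telemetry.
# Format assumed here: <timestamp> <pid> <image> <op> <path>[ = <data>]
SAMPLE_TRACE = r"""
2023-05-21T15:02:11Z 4120 C:\Users\user\AppData\Local\Temp\build2.exe QueryValue HKCU\Control Panel\International\Geo\Nation
2023-05-21T15:02:12Z 4120 C:\Users\user\AppData\Local\Temp\build2.exe CreateFile C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
2023-05-21T15:02:13Z 4120 C:\Users\user\AppData\Local\Temp\build2.exe SetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate = C:\Users\user\AppData\Roaming\svc.exe
2023-05-21T15:02:14Z 812 C:\Windows\explorer.exe QueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    pid: int
    image: str
    target: str


# Rules named after the Triage signatures. Each rule is (operations, path pattern).
# HKCU\Control Panel\International\Geo is assumed to be the key the
# "Checks computer location settings" signature matches (Nation/Name hold the
# configured country). The browser file names are Chrome/Firefox credential,
# cookie and autofill stores.
RULES = {
    "Adds Run key to start application": (
        {"SetValue"},
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I),
    ),
    "Checks computer location settings": (
        {"QueryValue", "OpenKey"},
        re.compile(r"\\Control Panel\\International\\Geo(\\|$)", re.I),
    ),
    "Reads user/profile data of web browsers": (
        {"CreateFile", "ReadFile"},
        re.compile(r"\\(Login Data|Web Data|Cookies|logins\.json|key4\.db)$", re.I),
    ),
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<pid>\d+) (?P<image>.+?\.exe) (?P<op>\w+) "
    r"(?P<target>.+?)(?: = (?P<data>.+))?$"
)


def parse_line(line: str):
    """Parse one trace line into a dict, or return None for lines that do not fit the format."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def scan_trace(trace: str) -> list:
    """Return one Finding per (event, rule) match, in trace order."""
    findings = []
    for raw in trace.splitlines():
        ev = parse_line(raw.strip())
        if ev is None:
            continue
        for rule, (ops, pattern) in RULES.items():
            if ev["op"] in ops and pattern.search(ev["target"]):
                findings.append(Finding(rule, int(ev["pid"]), ev["image"], ev["target"]))
    return findings


def suspicious_processes(findings, min_rules: int = 2) -> dict:
    """Group findings by process and keep only those that hit at least min_rules
    distinct behaviours. A single hit (for example explorer.exe touching a Run
    key) is routine; the combination is the stealer profile the report shows."""
    by_proc = {}
    for f in findings:
        by_proc.setdefault((f.pid, f.image), set()).add(f.rule)
    return {proc: rules for proc, rules in by_proc.items() if len(rules) >= min_rules}


if __name__ == "__main__":
    hits = scan_trace(SAMPLE_TRACE)
    for f in hits:
        print(f"[{f.rule}] pid={f.pid} {f.image} -> {f.target}")
    for (pid, image), rules in suspicious_processes(hits).items():
        print(f"suspicious: pid={pid} {image} ({len(rules)} behaviours)")
```

The operation sets deserve attention when adapting this to real telemetry: Sysmon records registry value writes (event ID 13) but not value reads, so the country-code and browser-file rules need a source that logs reads, such as a sandbox API trace or an EDR file/registry read stream.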

MITRE ATT&CK Enterprise v6

Tasks