General

  • Target

    9ef929399eb29c3c23cb999d37c1a0bdef71386e4917d90baffe64e34f603939

  • Size

    3.5MB

  • Sample

    230804-frb34ahf68

  • MD5

    c37171efe5ae927a103289543b695deb

  • SHA1

    7ca7a2ef560badebd38611a7318932dfbaf8dee9

  • SHA256

    9ef929399eb29c3c23cb999d37c1a0bdef71386e4917d90baffe64e34f603939

  • SHA512

    daca64be4321c0eded607236c8f186459c4de4069e9384360f34acf496a77a94ba32d7d4faab2dddd56bf5e663c467b247a31f8c26beea7428354d50f2afe23f

  • SSDEEP

    98304:+Wn6DfnEOWmP/oI8N8WW2eCxQQqa2KLXjWRQIHlrUKPbJu:+o6DJWmP/o3pW7Ta2KMHlrdk

Targets

    • Target

      Tool Reg Gmail/SQLite.Interop.dll

    • Size

      1.4MB

    • MD5

      0525b5757ad04d177e4719e56b8ebddf

    • SHA1

      f11d11c9fe963e036fbfe97ad38bfb0f3d1019c8

    • SHA256

      b9eb73e402eecb65ce535d505c0c425213f938188f1ff5c53889fca732445167

    • SHA512

      7316d092d8be69137e994c8f3caa93317ce1546bb8d5ab596854a61e6a1d5220b47355dc7a124154d1dd0e72646ab7e036e387b66e49a9d6a6698804ae0faa28

    • SSDEEP

      24576:Ptps7FIyx/k5GBPpeXgNxHo3sRY65f9CRPchGrWHE5l7991wJN5R1la8ISuqDIR1:MTk5Y2KRTCI6ElRXa8I5Dai

    Score
    3/10
    • Target

      Tool Reg Gmail/Tool Reg Gmail.exe

    • Size

      2.9MB

    • MD5

      9bb4f8efcb4bd9f775cbf2bb124b52fa

    • SHA1

      293c86f7c01b2112acd8f501eb6bece4261c0c68

    • SHA256

      fbcad70631d25c84ce0248aff8f3c3754c9b6f44bc95e159477373dcd0244c40

    • SHA512

      7d5b92476685053d2ee690d09b548580ec828803eebd1863706bd93235ff94f2281bcfb16fb36ec8725220370377892e342f9948727de8b8a9b405029705cf0a

    • SSDEEP

      49152:yJCdNYoYW4IETrsgUvu9N8ivdKDhA+WsPP6QmUTftIsmNm/5XhG34AiROr2J3Y2D:yJYYVrsk9N8ivyhAdsPSQxgU11lwr2Jh

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.
