General
-
Target
9ef929399eb29c3c23cb999d37c1a0bdef71386e4917d90baffe64e34f603939
-
Size
3.5MB
-
Sample
230804-frb34ahf68
-
MD5
c37171efe5ae927a103289543b695deb
-
SHA1
7ca7a2ef560badebd38611a7318932dfbaf8dee9
-
SHA256
9ef929399eb29c3c23cb999d37c1a0bdef71386e4917d90baffe64e34f603939
-
SHA512
daca64be4321c0eded607236c8f186459c4de4069e9384360f34acf496a77a94ba32d7d4faab2dddd56bf5e663c467b247a31f8c26beea7428354d50f2afe23f
-
SSDEEP
98304:+Wn6DfnEOWmP/oI8N8WW2eCxQQqa2KLXjWRQIHlrUKPbJu:+o6DJWmP/o3pW7Ta2KMHlrdk
Behavioral task
behavioral1
Sample
Tool Reg Gmail/SQLite.Interop.dll
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Tool Reg Gmail/SQLite.Interop.dll
Resource
win10v2004-20230703-en
Behavioral task
behavioral3
Sample
Tool Reg Gmail/Tool Reg Gmail.exe
Resource
win7-20230712-en
Behavioral task
behavioral4
Sample
Tool Reg Gmail/Tool Reg Gmail.exe
Resource
win10v2004-20230703-en
Malware Config
Targets
-
-
Target
Tool Reg Gmail/SQLite.Interop.dll
-
Size
1.4MB
-
MD5
0525b5757ad04d177e4719e56b8ebddf
-
SHA1
f11d11c9fe963e036fbfe97ad38bfb0f3d1019c8
-
SHA256
b9eb73e402eecb65ce535d505c0c425213f938188f1ff5c53889fca732445167
-
SHA512
7316d092d8be69137e994c8f3caa93317ce1546bb8d5ab596854a61e6a1d5220b47355dc7a124154d1dd0e72646ab7e036e387b66e49a9d6a6698804ae0faa28
-
SSDEEP
24576:Ptps7FIyx/k5GBPpeXgNxHo3sRY65f9CRPchGrWHE5l7991wJN5R1la8ISuqDIR1:MTk5Y2KRTCI6ElRXa8I5Dai
Score 3/10
-
-
Target
Tool Reg Gmail/Tool Reg Gmail.exe
-
Size
2.9MB
-
MD5
9bb4f8efcb4bd9f775cbf2bb124b52fa
-
SHA1
293c86f7c01b2112acd8f501eb6bece4261c0c68
-
SHA256
fbcad70631d25c84ce0248aff8f3c3754c9b6f44bc95e159477373dcd0244c40
-
SHA512
7d5b92476685053d2ee690d09b548580ec828803eebd1863706bd93235ff94f2281bcfb16fb36ec8725220370377892e342f9948727de8b8a9b405029705cf0a
-
SSDEEP
49152:yJCdNYoYW4IETrsgUvu9N8ivdKDhA+WsPP6QmUTftIsmNm/5XhG34AiROr2J3Y2D:yJYYVrsk9N8ivyhAdsPSQxgU11lwr2Jh
Score 10/10
StormKitty payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-