Resubmissions

08/08/2023, 04:11

230808-er5jzaae36 10

General

  • Target

    Fortnite Balls.exe

  • Size

    26.4MB

  • Sample

    230808-er5jzaae36

  • MD5

    acfcce2bfbc7bccd9c38757fe165e1f9

  • SHA1

    113f5295026bd2e5b5aecdfea817842e8564e671

  • SHA256

    bbfc8e548d2bde2e43b501b54b82bd75267e4b7fb9cbf5dfd76971b838c87858

  • SHA512

    2f5d7ced66e3aa8238cc8c857e6ed34f2c3509f12a242f5c46fa8dc4b794601d11f052442b61aeed1f024175cb077610637db9443dc915f0e4b179f67a7ff7ea

  • SSDEEP

    393216:Y/Fqyf/gsteVbFVQPndQuslSq9RoWOv+9fgSPBfMHKf:Y42QVbXQPndQuSborvSYSP+HO

Targets

    • Target

      Fortnite Balls.exe

    Score
    10/10
    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
