General
Target: ea84b06cfd59116fd687d38a13909ab00f0e38d572d0de1df42be909bea5ac45
Size: 2.0MB
Sample: 230818-z7rm9sff2z
MD5: f90fc1de990f77587a7bb0d515d20303
SHA1: 9f84a45eb11b549dd68fade6174f4142d3285a0f
SHA256: ea84b06cfd59116fd687d38a13909ab00f0e38d572d0de1df42be909bea5ac45
SHA512: 26c9a042a0c8ead8aeb84420bd2f772c98110c0c592f61ed8e7035b6911dac6a376da9daadd2fc11ec9bafc7c4ff2a7356885be68b08dc4e2a4fd68b7334412e
SSDEEP: 49152:EWtJTTUYbkfboEgpymruN7Un006BzwH6R8:LtJTufEEgofm5YzC
Behavioral task
behavioral1
Sample: ea84b06cfd59116fd687d38a13909ab00f0e38d572d0de1df42be909bea5ac45.exe
Resource: win7-20230712-en
Malware Config
Extracted
Family: asyncrat
Botnet: Default
C2: 127.0.0.1:6606
C2: 127.0.0.1:7707
C2: 127.0.0.1:8808
Telegram bot API URL: https://api.telegram.org/bot6123399090:AAHe0LPn_e2tZLMjvzDttAXhWJ3Emna58XM/sendMessage?chat_id=6080368456
Mutex: AsyncMutex_6SI8OkPnk
delay: 3
install: false
install_folder: %AppData%
Targets
Target: ea84b06cfd59116fd687d38a13909ab00f0e38d572d0de1df42be909bea5ac45
Size: 2.0MB (hashes as listed under General)
Signatures:
StormKitty payload
Async RAT payload
Executes dropped EXE
Drops desktop.ini file(s)
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Looks up geolocation information via web service: uses a legitimate geolocation service to find the infected system's geolocation info.