General

  • Target

    ea84b06cfd59116fd687d38a13909ab00f0e38d572d0de1df42be909bea5ac45

  • Size

    2.0MB

  • Sample

    230818-z7rm9sff2z

  • MD5

    f90fc1de990f77587a7bb0d515d20303

  • SHA1

    9f84a45eb11b549dd68fade6174f4142d3285a0f

  • SHA256

    ea84b06cfd59116fd687d38a13909ab00f0e38d572d0de1df42be909bea5ac45

  • SHA512

    26c9a042a0c8ead8aeb84420bd2f772c98110c0c592f61ed8e7035b6911dac6a376da9daadd2fc11ec9bafc7c4ff2a7356885be68b08dc4e2a4fd68b7334412e

  • SSDEEP

    49152:EWtJTTUYbkfboEgpymruN7Un006BzwH6R8:LtJTufEEgofm5YzC

Malware Config

Extracted

  • Family

    asyncrat

  • Botnet

    Default

  • C2

    127.0.0.1:6606

    127.0.0.1:7707

    127.0.0.1:8808

    https://api.telegram.org/bot6123399090:AAHe0LPn_e2tZLMjvzDttAXhWJ3Emna58XM/sendMessage?chat_id=6080368456

  • Mutex

    AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Async RAT payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v15

Tasks