General

  • Target

    35b5b0cc100e0ba95f366d6a3b427823.exe

  • Size

    490KB

  • Sample

    240102-tbzq4sbhc7

  • MD5

    35b5b0cc100e0ba95f366d6a3b427823

  • SHA1

    2845a8d906a0c93281c560de1e2e3d5a8ae2a546

  • SHA256

    2db46ad5e0370f7f9762fd2ed5ca32e2bfcb7d78c56df7240cd4ff05889dd4d0

  • SHA512

    29252fdfd992ec5d0d351d43bed65872f0a5637a1854fbe796aa37f9dfbba4e11d0ba2be8418c56a79a846100e96418c7ee7d8bc8ee1b489a5a8bd0ca073841d

  • SSDEEP

    12288:CTPh8TlBsPJ78hCWS0ok+jhXWuz/qMvp5h93Yure:zl870

Malware Config

Targets

    • Target

      35b5b0cc100e0ba95f366d6a3b427823.exe

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks