Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
main (1).exe
-
Size
89KB
-
Sample
240714-25v9sayhkc
-
MD5
755ee27c14914293c29ce91be08c20df
-
SHA1
cd4b0c9f25261d59689416734f9495a0c30bde17
-
SHA256
f57315d9f70cab67669c23e10b081aac70f336369605d8c5e3079411f61e36de
-
SHA512
a250ef4af67d0b5cb4d671ae72f689fcfc4704c0ce99768a7408e0824b1465f9e94e9027f8e6b2855bc0dfe4201deca85333809d34fad617e7ab411c7e10540c
-
SSDEEP
1536:R97fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfBweOy:Rp7DhdC6kzWypvaQ0FxyNTBfBt
Static task
static1
Behavioral task
behavioral1
Sample
main (1).exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
main (1).exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
https://full-recording.gl.at.ply.gg:14817/data
Extracted
https://github.com/Somali-Devs/Kematian-Stealer/raw/main/frontend-src/webcam.ps1
Extracted
https://github.com/Somali-Devs/Kematian-Stealer/raw/main/frontend-src/kematian_shellcode.ps1
Targets
-
-
Target
main (1).exe
-
Size
89KB
-
MD5
755ee27c14914293c29ce91be08c20df
-
SHA1
cd4b0c9f25261d59689416734f9495a0c30bde17
-
SHA256
f57315d9f70cab67669c23e10b081aac70f336369605d8c5e3079411f61e36de
-
SHA512
a250ef4af67d0b5cb4d671ae72f689fcfc4704c0ce99768a7408e0824b1465f9e94e9027f8e6b2855bc0dfe4201deca85333809d34fad617e7ab411c7e10540c
-
SSDEEP
1536:R97fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfBweOy:Rp7DhdC6kzWypvaQ0FxyNTBfBt
Score10/10-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-