General

  • Target

    Client.exe

  • Size

    175KB

  • Sample

    240916-vhe6qayhkl

  • MD5

    50f1d8f3ae2ba26baba9110bb7012874

  • SHA1

    d73580a504cb9764a1420f3d27de2eff4a415938

  • SHA256

    324a9a6ac7182049c0c2778c28aacb856a16bd7d41c7142449550d03946bb52c

  • SHA512

    6e6beab861316e36a35d9b755b6fa63db8dc61c63eecf6cb27f008e1d2953c4ebcc1d7e6ed56241ff62ca5a4fa51a27ef40e692a5a51a4909b96f42e9112c254

  • SSDEEP

    3072:le8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTlwARE+WpCc:p6ewwIwQJ6vKX0c5MlYZ0b2G

Malware Config

Extracted

Family

asyncrat

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

https://api.telegram.org/bot6799458854:AAHitH2Kpnt-1DMoGhbvJ704MzG8-QToRls/sendMessage?chat_id=7483355978

Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

  • aes.plain

    1

    VIfxfqryUTyZUBGDCBAvbYVYIsexIM7Z

Targets

    • AsyncRat

      AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.
