Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

1688-449-0...ry.exe

windows7-x64

10

1688-449-0...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1688-449-0x0000021C4DE00000-0x0000021C4DE2C000-memory.dmp

  • Size

    176KB

  • Sample

    240926-3vslksxcne

  • MD5

    ba0b777de3a6a9a3180f2dc6ea002a07

  • SHA1

    d3ff8487c3c74fcad06c20c423c15e026503ebab

  • SHA256

    5883d006fa7bc455ce2dc1260b18100c1a9e89c9a5357b2b7991eb9f2c15b66b

  • SHA512

    6e08f173b4a1d9e5cfbe69b392e103216a2603c11fc9009396be8295ee748bc4df7819b1963e87eaf710b96c7750edefecd745ec76674e103a1aacd8180925a9

  • SSDEEP

    3072:AJwPUfRrKrG6c7QnURZbZfwSMXaf69ez:geUfuyXZb5wSt

Score
10/10
asyncratnightingalecollectioncredential_accessexecutionratspywarestealer

Malware Config

Targets

    • Target

      1688-449-0x0000021C4DE00000-0x0000021C4DE2C000-memory.dmp

    • Size

      176KB

    • MD5

      ba0b777de3a6a9a3180f2dc6ea002a07

    • SHA1

      d3ff8487c3c74fcad06c20c423c15e026503ebab

    • SHA256

      5883d006fa7bc455ce2dc1260b18100c1a9e89c9a5357b2b7991eb9f2c15b66b

    • SHA512

      6e08f173b4a1d9e5cfbe69b392e103216a2603c11fc9009396be8295ee748bc4df7819b1963e87eaf710b96c7750edefecd745ec76674e103a1aacd8180925a9

    • SSDEEP

      3072:AJwPUfRrKrG6c7QnURZbZfwSMXaf69ez:geUfuyXZb5wSt

    Score
    10/10
    asyncratnightingalecollectioncredential_accessexecutionratspywarestealer

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Nightingale stealer

      Nightingale stealer is an information stealer written in C#.

      stealernightingale

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks