
Resubmissions

  • 13/01/2025, 01:11 UTC: 250113-bkczla1ldl 10
  • 12/01/2025, 12:44 UTC: 250112-pyjwyssng1 10
  • 11/01/2025, 02:25 UTC: 250111-cwhjwsyqdt 10

General

  • Target: 153a321e178bc28e0f2c6432763bb44fc47b573596387ec241ca45d8775e12af.exe
  • Size: 175KB
  • Sample: 250112-pyjwyssng1
  • MD5: f69889d705f5d72d65661b48535ae1b3
  • SHA1: 4c8f3cf14130e6519339a370bba4527ecb012cde
  • SHA256: 153a321e178bc28e0f2c6432763bb44fc47b573596387ec241ca45d8775e12af
  • SHA512: a182272541b22dd58d44db506f0c3368fd0e54d0e616d48b6980563eb12d8d9a377bb0d0272c0c2576d36359f10367e27043d3c3106e5d985be0843112fedb3d
  • SSDEEP: 3072:Ke8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gT8wARE+WpCc:66ewwIwQJ6vKX0c5MlYZ0b2R

Malware Config

Extracted

  • Family: asyncrat
  • Botnet: Default
  • C2:
      127.0.0.1:6606
      127.0.0.1:7707
      127.0.0.1:8808
      https://api.telegram.org/bot6331768257:AAE1Rrc3F4A-nTJkfXEukNBriTate8i72L8/sendMessage?chat_id=5287158069
  • Mutex: AsyncMutex_6SI8OkPnk
  • Attributes:
      delay: 3
      install: false
      install_folder: %AppData%
  • aes.plain (1): VIfxfqryUTyZUBGDCBAvbYVYIsexIM7Z

Targets

  • Target: 153a321e178bc28e0f2c6432763bb44fc47b573596387ec241ca45d8775e12af.exe
  • Size: 175KB
  • MD5: f69889d705f5d72d65661b48535ae1b3
  • SHA1: 4c8f3cf14130e6519339a370bba4527ecb012cde
  • SHA256: 153a321e178bc28e0f2c6432763bb44fc47b573596387ec241ca45d8775e12af
  • SHA512: a182272541b22dd58d44db506f0c3368fd0e54d0e616d48b6980563eb12d8d9a377bb0d0272c0c2576d36359f10367e27043d3c3106e5d985be0843112fedb3d
  • SSDEEP: 3072:Ke8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gT8wARE+WpCc:66ewwIwQJ6vKX0c5MlYZ0b2R

  • AsyncRat
    AsyncRAT, written in C#, is designed to remotely monitor and control other computers.
  • Asyncrat family
  • StormKitty
    StormKitty is an open source info stealer written in C#.
  • StormKitty payload
  • Stormkitty family
  • Reads user/profile data of web browsers
    Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
  • Drops desktop.ini file(s)
  • Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
  • Looks up geolocation information via web service
    Uses a legitimate geolocation service to find the infected system's geolocation info.
