General

  • Target: Audacity lnstallSetup.zip
  • Size: 1.2MB
  • Sample: 230202-rjhrfsdd39
  • MD5: 2329b9407dcec82b60ac0da8ac0fa1f1
  • SHA1: 053ab11286f81019cb38b0849f7488b4fe513d64
  • SHA256: a130810e663458a3c4037ec1fff7fc151d1974cda568574346fe9834f858153a
  • SHA512: 60384657abd87edd84e704d1db1510c18d52e4537070e21288ce76c364d984867a72c936073f8ae1ca759b10b4b7dd0cc6bd19d077d2d87cefd33cba6205f065
  • SSDEEP: 3072:DdA+F/cXEobEn20Xgcm3VWzvrJlkQJEmzJGNNvbO9HN5yVRhUYPVb3MBswgR5/:xAocBIntvpbJAvC9t5krUYB3WI5/

Malware Config

Targets

    • Target: Audacity lnstallSetup.exe
    • Size: 805.0MB
    • MD5: 9cc1ace92bdea826528ddf9ed9e6ff15
    • SHA1: 29d3d26a7e9f4a42816a78a272ba1b92a7b4f7bb
    • SHA256: c9cb8c7e23a392d404db0530819d76d31c2011110872517226171b9c5441096f
    • SHA512: 140e94e1212e1b606163259df5ee0fee9e71db3ed072dcbea196fbde56547e89120fd4330294c633bf22b82265d570c6073178a1685769166c091c2d3bcccd42
    • SSDEEP: 6144:jkfcNplrEPyT/BvyhN2YWh5kr355555555555555555555555555555555555554:acNpDdyh61

    • Detect rhadamanthys stealer shellcode
    • Rhadamanthys
      Rhadamanthys is an info stealer written in C++, first seen in August 2022.
    • Blocklisted process makes network request
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials.
    • Accesses Microsoft Outlook profiles
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software installed on the system.
