General

  • Target

    a7867748594a9112317189ae39d6e49f8d41ded2aca102209c2a73a13a1126ee

  • Size

    248KB

  • Sample

    230205-z7navaec7t

  • MD5

    dd70d6f65ac9130bad2fa6e1d212b8c1

  • SHA1

    1efd5dbfe68f298292b3c74aa121dc1249bd7528

  • SHA256

    a7867748594a9112317189ae39d6e49f8d41ded2aca102209c2a73a13a1126ee

  • SHA512

    4a6771a0d400547d432ae461d5700307d3cee2e09377ac8f621a015f15c86e546f85b050700906a3a133d60b117968529bcfccc553afba754e10c769e9ceef78

  • SSDEEP

    3072:FPP4OHwhsjezkNL959WwM95NueH39TBxLTEEIFBP1kuu5r:RP4cnj2GL/9PeX9lxLAEIFguu5

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
