General

  • Target

    4b7ac79927c3dd365976472d5639da76fb6ae5611844a183a51b77208bb425e1

  • Size

    401KB

  • Sample

    230210-qma1caaf5x

  • MD5

    471ac66babc0aefdc3a043335a5dd59a

  • SHA1

    232f1280232136bdb905115af2a534e9ade14cf9

  • SHA256

    4b7ac79927c3dd365976472d5639da76fb6ae5611844a183a51b77208bb425e1

  • SHA512

    d3ba735b8568e2b53257da1de5026ce108ad57b420e03688e142e9df7de02bd28dcf089a373cb45b7a43e916eb3f8884fb818c4a6cb38f35a5efbe7818211919

  • SSDEEP

    6144:wvDSaSED4QseZxLi6vC4sdSrDuUFOSnfWZvxT:wLa491i664sdSr1FOSnfWZ

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
