General

  • Target

    793494917d54e6442e563ccfd48360c989f5b19d4652616c72c631a3ddcb1ee9

  • Size

    223KB

  • Sample

    230214-kf3twsca63

  • MD5

    8692f977e61959643665b64938181fbc

  • SHA1

    7d6553eb3e21548fed2b0a30e7740fced603b7b5

  • SHA256

    793494917d54e6442e563ccfd48360c989f5b19d4652616c72c631a3ddcb1ee9

  • SHA512

    8d870dcf342e78e65ad031185f9952e7ce59280425c5780a63b2274054f3c24ed956d3f5accec9f00baeeaf68ecea64699cf24adb38b2c8ba0541ad304a3a767

  • SSDEEP

    6144:VLLRbZxl0LBrJhoCqrSvefmmiEbiKwCYPVt:VLlcrrqrSWZiFCYtt

Malware Config

Targets

    • Target

      793494917d54e6442e563ccfd48360c989f5b19d4652616c72c631a3ddcb1ee9

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an infostealer written in C++, first seen in August 2022.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up entries under the registry's Uninstall keys (HKLM and HKCU ...\Software\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.
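The "Checks installed software" behaviour above is plain registry enumeration, which is easy to reproduce and to make visible in host telemetry. The following PowerShell is an added example, not part of the tria.ge report and not code from the sample: it walks the same Uninstall keys to show what an enumerating stealer sees on a given host, and a second function puts a read-audit SACL on those keys so the same access lands in the Security log. The function names and the list of roots are this example's own choices; it assumes Windows with PowerShell 5.1 or later and an elevated shell for the audit part.

```powershell
# Added example, not part of the tria.ge report or the sample's code.
# Reproduces the host-side view of "Checks installed software": software discovery
# by walking the Uninstall keys, then (optionally) auditing reads of those keys.
# Assumptions: Windows, PowerShell 5.1+, elevated shell for Enable-UninstallKeyReadAudit.

$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'             # machine-wide, native bitness
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'  # 32-bit apps on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'             # per-user installs
)

function Get-InstalledSoftwareFromRegistry {
    # Emits one object per Uninstall subkey that carries a DisplayName, the value an
    # enumerating sample reads to name the product. Subkeys without DisplayName are
    # skipped; they are the entries hidden from Add/Remove Programs.
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            if (-not $props.DisplayName) { continue }
            [pscustomobject]@{
                DisplayName    = $props.DisplayName
                DisplayVersion = $props.DisplayVersion
                Publisher      = $props.Publisher
                InstallDate    = $props.InstallDate
                Hive           = $root.Split(':')[0]
                KeyName        = $key.PSChildName
            }
        }
    }
}

function Enable-UninstallKeyReadAudit {
    # Adds a Success audit rule for ReadKey by Everyone on each Uninstall root and
    # enables the Object Access > Registry subcategory. Reads then produce Security
    # event 4663 (ObjectType = Key). This matters because Sysmon records registry
    # writes (event IDs 12/13/14) but not reads, so enumeration is otherwise silent.
    # Expect noise from installers, inventory agents and Add/Remove Programs itself.
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        $acl  = Get-Acl -Path $root -Audit
        $rule = New-Object -TypeName System.Security.AccessControl.RegistryAuditRule -ArgumentList @(
            'Everyone', 'ReadKey', 'ContainerInherit,ObjectInherit', 'None', 'Success')
        $acl.AddAuditRule($rule)
        Set-Acl -Path $root -AclObject $acl
    }
    auditpol.exe /set /subcategory:"Registry" /success:enable | Out-Null
}

# Usage: baseline what an enumerating sample would see on this host.
$installed = Get-InstalledSoftwareFromRegistry | Sort-Object DisplayName, DisplayVersion -Unique
$installed | Format-Table DisplayName, DisplayVersion, Publisher, Hive -AutoSize

# Usage (elevated): make later enumeration visible, then query the Security log
# after detonating or re-running the sample.
# Enable-UninstallKeyReadAudit
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 500 |
#     Where-Object { $_.Message -match 'CurrentVersion\\Uninstall' } |
#     Select-Object TimeCreated, Message
```

Run the first part unprivileged on the analysis VM before detonation to know which product names the sample could have collected; enable the audit SACL only on a lab host, since every process that reads those keys will then generate 4663 events. The same audit approach applies to the other collection behaviours in this report (browser profile files, Outlook profile keys), with the SACL placed on those paths instead.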

MITRE ATT&CK Enterprise v6

Tasks