General

  • Target

    file.exe

  • Size

    306KB

  • Sample

    230307-pwsfbaaa43

  • MD5

    457bf3e5181bbddea129330b1cd81b78

  • SHA1

    efa77c57e3c3349fda484f7b06b69ce0635a6f12

  • SHA256

    b3c16003d613c90f1741bf5b9cf2f2ceb3eac08da27dacefd8162364838a3227

  • SHA512

    ae54777c03913a3eb589754061439806a2b8704d6844b2c5352ae8e5e10b16e6e3cc09c1a4269d45ff8668a8a361584cc30f6170376e4360684ca317276883c2

  • SSDEEP

    6144:5mLIg+4U0b0iYqEV1uz8+LyznLFOpUOF0ketYVMNb:5mB+L0sqEVQ8WyznLmB0kk2

Malware Config

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, including saved credentials, cookies, and autofill entries.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Enumerates the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its WOW6432Node equivalent) in the registry to inventory the software installed on the system.
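
To make the behavioural signatures above concrete, the following toy re-implements five of them as detection logic over a constructed sandbox event log. This is an added example and not tria.ge's own detection code: the "<pid> <op> <target>" event format, the process table and the process blocklist are assumptions made for the illustration, and the Rhadamanthys shellcode rule is omitted because it is a byte-pattern (YARA-style) match rather than a behavioural check.

```python
"""Toy re-implementation of the behavioural signatures listed in the report.

This is an added example, not tria.ge's own detection code. The event log format
is constructed for the illustration: one event per line, "<pid> <op> <target>",
with op in {file_write, file_read, image_load, reg_query, net_connect}. Real
sandboxes emit richer, vendor-specific schemas; only the parser would change.
"""
import re
from dataclasses import dataclass


@dataclass
class Event:
    pid: int
    op: str
    target: str


def parse_events(log: str) -> list:
    """Parse the constructed "<pid> <op> <target>" lines; targets may contain spaces."""
    events = []
    for line in log.strip().splitlines():
        pid, op, target = line.split(maxsplit=2)
        events.append(Event(int(pid), op, target))
    return events


# Browser credential/cookie stores that infostealers read (Chromium and Firefox layouts).
BROWSER_DATA = re.compile(
    r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data|Network\\Cookies)$"
    r"|\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$",
    re.IGNORECASE,
)
# Outlook mail profiles: the MAPI location plus the per-Office-version key.
OUTLOOK_PROFILES = re.compile(
    r"\\Windows Messaging Subsystem\\Profiles$|\\Office\\\d+\.\d+\\Outlook\\Profiles$",
    re.IGNORECASE,
)
# Installed-software inventory: the Uninstall key in the 64-bit and WOW6432Node views.
UNINSTALL_KEY = re.compile(
    r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall$",
    re.IGNORECASE,
)
# Assumed blocklist for the network rule; the sandbox's real list is not on the page.
NET_BLOCKLIST = {"rundll32.exe", "regsvr32.exe", "mshta.exe"}


def evaluate(events, process_names):
    """Return the set of signature names that fire for an event stream.

    process_names maps pid -> image name so the blocklist rule can resolve the
    process that made the network request.
    """
    hits = set()
    dropped = set()  # every file path written during the run, lower-cased
    for ev in events:
        t = ev.target
        if ev.op == "file_write":
            dropped.add(t.lower())
        elif ev.op == "image_load" and t.lower() in dropped:
            hits.add("Loads dropped DLL")
        elif ev.op == "file_read" and BROWSER_DATA.search(t):
            hits.add("Reads user/profile data of web browsers")
        elif ev.op == "reg_query":
            if OUTLOOK_PROFILES.search(t):
                hits.add("Accesses Microsoft Outlook profiles")
            if UNINSTALL_KEY.search(t):
                hits.add("Checks installed software on the system")
        elif ev.op == "net_connect":
            image = process_names.get(ev.pid, "").lower()
            if image in NET_BLOCKLIST:
                hits.add("Blocklisted process makes network request")
    return hits


# Constructed sample run: pid 1234 is the submitted file.exe, pid 5678 a child it spawned.
SAMPLE_PROCESSES = {1234: "file.exe", 5678: "rundll32.exe"}
SAMPLE_LOG = r"""
1234 file_write C:\Users\admin\AppData\Local\Temp\drop\System.dll
1234 image_load C:\Users\admin\AppData\Local\Temp\drop\System.dll
1234 file_read C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data
1234 file_read C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default\logins.json
1234 reg_query HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
1234 reg_query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1234 reg_query HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall
1234 image_load C:\Windows\System32\wininet.dll
5678 net_connect 203.0.113.10:443
"""


def run_sample():
    """Evaluate the constructed log; returns the five signature names listed in the report."""
    return evaluate(parse_events(SAMPLE_LOG), SAMPLE_PROCESSES)


if __name__ == "__main__":
    for name in sorted(run_sample()):
        print("fired:", name)
```

Running the block prints the five signature names that fire. The load of wininet.dll does not trigger "Loads dropped DLL" because no monitored process wrote that path during the run, which is exactly the distinction that rule encodes; likewise a network request from file.exe itself stays silent under the assumed blocklist.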

MITRE ATT&CK Enterprise v6

Tasks