General

  • Target

    86e71fbd66e00b1c1780e28fbde092a78709b9da68a8eb2bbd4b86af446a3bb9

  • Size

    246KB

  • Sample

    230308-g5fh4sed29

  • MD5

    b239207d0838d757ff824c5cc6ddbf56

  • SHA1

    c82e5841d586364b4a5adc539df76967042c7aec

  • SHA256

    86e71fbd66e00b1c1780e28fbde092a78709b9da68a8eb2bbd4b86af446a3bb9

  • SHA512

    fea2c54107f53aba33804a6b52b645390e414704772a270c0b84d1a0a17855c5b7347adafcd2494fa5c1ea46c30ba7e005b9f9008a7a1270f92cf827249142c3

  • SSDEEP

    6144:HwWXyGlrmKGeji4bdW38JbTIoHJCG7nMq/hjK2j:HwaLlrmKGr4b+UckJCYt/hjVj

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
