General

  • Target: Lazzarus_Setup.exe
  • Size: 53.2MB
  • Sample: 230418-bdp1ksaf4w
  • MD5: 2ad6b36a0c48ca740b6d5c8f3c988ece
  • SHA1: 86d8ba6c8f6b4f226ab57376d4d2f944cba0c075
  • SHA256: 2bb8fe909426c314cb93c573b4e4230fa8c6649f2862d2cacca751e7998302d0
  • SHA512: b30e6d6b8aa341d02ee9240e6b9030b4a0fb0609b67e7ea5ac8a27c1814c4790e66694887795a40378ef0687e4d78046e3cb113767b1afba33d8adeb028e06ca
  • SSDEEP: 1572864:CZikz7kZQ0IWFSZhqGJlwRoEpG1wEArR7MCh7:k/kZQfDqGJlwRoh1oFICh7

Targets

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Lumma Stealer

      An infostealer written in C++, first seen in August 2022.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.
