General

  • Target: Executor.exe
  • Size: 449KB
  • Sample: 240119-qxyt6affd4
  • MD5: 459e8bdeb3cce5eb125daaca4f9801db
  • SHA1: fe111daa4fca9ef50fa284b207a11efaccf556d6
  • SHA256: f98794ad3364950618b5eae55d60842b083975bc73e9ca5628d718195e25bc4f
  • SHA512: f043fd7d7547292aa122f8d3b0af35489a39e20735ad18994124c77e4a73f3cb3a94fe0ef961552dd8bc7763323b887b583ffc103a40224a2d154b37f9b7c751
  • SSDEEP: 6144:UjuyZCYHHoHEf8mrUF/wUVh1GgyejeMJbunO29OIndKU+vAiBxSXCM:yFHHgF/wUVyzMsnO58n+rBxSSM

Malware Config

Targets

    • Target: Executor.exe

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks