Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    SecuriteInfo.com.Heur.MSIL.Pretoria.1.29115.19571.exe

  • Size

    1.4MB

  • Sample

    240404-18g1wsbe41

  • MD5

    d492e1fdbf9afc9ea10d4fdfe6981872

  • SHA1

    fde552ecca6352347027e74b27f25623b3b95e3f

  • SHA256

    fe3a180c6f2b60573884dffd9ed91d858fc7c98fecf98218fd1d9e51256734b0

  • SHA512

    98278857ac5a82f7073fb077fea797aaab2467f5ffd213a09d4c003d18be0a5e21de961fd09138c59ea7347143bad096099a28ef24b83132604291fc3f136f72

  • SSDEEP

    24576:GvPqS8a8+xHGokgzo1lMATzJWCMkoXSFqnVM9bnaXc:yn8ax4gcLMARziv

Malware Config

Targets

    • Target

      SecuriteInfo.com.Heur.MSIL.Pretoria.1.29115.19571.exe

    • Size

      1.4MB

    • MD5

      d492e1fdbf9afc9ea10d4fdfe6981872

    • SHA1

      fde552ecca6352347027e74b27f25623b3b95e3f

    • SHA256

      fe3a180c6f2b60573884dffd9ed91d858fc7c98fecf98218fd1d9e51256734b0

    • SHA512

      98278857ac5a82f7073fb077fea797aaab2467f5ffd213a09d4c003d18be0a5e21de961fd09138c59ea7347143bad096099a28ef24b83132604291fc3f136f72

    • SSDEEP

      24576:GvPqS8a8+xHGokgzo1lMATzJWCMkoXSFqnVM9bnaXc:yn8ax4gcLMARziv

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks