General

  • Target

    file.exe

  • Size

    4.6MB

  • Sample

    240416-qfg53sah82

  • MD5

    15a5a210a88d15a932171a9fa25a1356

  • SHA1

    7f6290046bd9bb6129af3da4612fad50369eda09

  • SHA256

    6a92c749f157ec43b1d14cfba29f9ce164ecd3048353a720089f872f13b843fe

  • SHA512

    6738cc6366da9561df4b87f099bba64e56db7421598c2dda25be2933052bdb7593b7b386671f222b1e509a73f54ca982feae27fe22d57b6af82a0b30ffbed258

  • SSDEEP

    98304:dPwGDPsMTm7Gh0nUu7TcY0mmdlv3GLCjcKbbygH:dPfDPtqGmnUu4mmdlO8bbyg
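
Before analysing the sample this report describes, confirm that the file on disk is the one the hashes above refer to. The script below is an added example and not part of the tria.ge report: it hashes a file once, in chunks, and compares every digest the report lists against what was computed. The ssdeep value is copied from the report as well, but hashlib cannot compute fuzzy hashes, so it is reported as unchecked and never counted as a match. The file path on the command line and the "abc" test input are assumptions made for the example.

```python
"""Check a local file against the hashes a sandbox report lists for a sample.

Added example, not part of the tria.ge report page.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple

# Values copied from the report page for sample 240416-qfg53sah82.
# ssdeep is listed too, but hashlib cannot compute it, so it ends up "unchecked".
REPORT_HASHES: Dict[str, str] = {
    "md5": "15a5a210a88d15a932171a9fa25a1356",
    "sha1": "7f6290046bd9bb6129af3da4612fad50369eda09",
    "sha256": "6a92c749f157ec43b1d14cfba29f9ce164ecd3048353a720089f872f13b843fe",
    "sha512": "6738cc6366da9561df4b87f099bba64e56db7421598c2dda25be2933052bdb7593b7b386671f222b1e509a73f54ca982feae27fe22d57b6af82a0b30ffbed258",
    "ssdeep": "98304:dPwGDPsMTm7Gh0nUu7TcY0mmdlv3GLCjcKbbygH:dPfDPtqGmnUu4mmdlO8bbyg",
}

CHUNK_SIZE = 1 << 20  # 1 MiB reads, so a large sample never has to fit in memory


@dataclass(frozen=True)
class HashCheck:
    algorithm: str
    expected: str   # normalised: stripped, lowercase hex
    actual: str     # "" when the algorithm could not be computed
    checked: bool   # False when hashlib has no implementation (e.g. ssdeep)
    matches: bool   # always False when unchecked, so it can never count as a pass


def supported(algorithms: Iterable[str]) -> Tuple[str, ...]:
    """Keep only the algorithm names hashlib can actually compute."""
    return tuple(a for a in algorithms if a.lower() in hashlib.algorithms_available)


def digest_chunks(chunks: Iterable[bytes], algorithms: Iterable[str]) -> Dict[str, str]:
    """Feed each chunk to every requested hasher in a single pass over the data."""
    hashers = {name: hashlib.new(name.lower()) for name in supported(algorithms)}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes, algorithms=("md5", "sha1", "sha256", "sha512")) -> Dict[str, str]:
    return digest_chunks([data], algorithms)


def digest_file(path, algorithms=("md5", "sha1", "sha256", "sha512")) -> Dict[str, str]:
    with open(path, "rb") as fh:
        return digest_chunks(iter(lambda: fh.read(CHUNK_SIZE), b""), algorithms)


def verify_digests(actual: Dict[str, str], expected: Dict[str, str]) -> Tuple[bool, Dict[str, HashCheck]]:
    """Compare computed digests with the report's values.

    Hex case and surrounding whitespace in the expected value are ignored.
    Algorithms that could not be computed are returned with checked=False and
    excluded from the verdict, which is True only when at least one hash was
    checked and every checked hash matched.
    """
    results: Dict[str, HashCheck] = {}
    for algo, want in expected.items():
        want_norm = want.strip().lower()
        got = actual.get(algo, "")
        checked = bool(got)
        results[algo] = HashCheck(algo, want_norm, got, checked, checked and got == want_norm)
    checked_results = [r for r in results.values() if r.checked]
    ok = bool(checked_results) and all(r.matches for r in checked_results)
    return ok, results


def verify_file(path, expected: Dict[str, str] = REPORT_HASHES) -> Tuple[bool, Dict[str, HashCheck]]:
    """Hash the file once and compare it against every value the report lists."""
    return verify_digests(digest_file(path, tuple(expected)), expected)


if __name__ == "__main__":
    import sys

    ok, checks = verify_file(sys.argv[1])  # assumption: path to the downloaded sample
    for c in checks.values():
        status = "match" if c.matches else ("MISMATCH" if c.checked else "unchecked")
        print(f"{c.algorithm:7} {status}")
    print("sample matches report" if ok else "sample does NOT match report")
    sys.exit(0 if ok else 1)
```

Run it as `python verify_sample.py file.exe`; a non-zero exit means at least one computable hash differs from the report, which usually indicates a truncated download or a different build of the same family rather than the sample the signatures below were generated from.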

Targets

    • Target

      file.exe

    • Detect ZGRat V1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
