General

  • Target

    SevenRedCodeDotnet.exe

  • Size

    28KB

  • Sample

    240501-gl82babf59

  • MD5

    3b1ce9c2afe664f11ddfacceeca0875a

  • SHA1

    166c88a4ccd007c5b460f77b8b1f5726ac91e22a

  • SHA256

    5db37b4e53d6aa13481ae8d4d82907dbe652909e84b730c56dc2f7a89846cfda

  • SHA512

    4f9bb3272e829e3959ad3c3ae459f8fcc36e73f58f5b86e1ce248261e6cbda820688a15dcad81f3e2cfffbdae5606faf730d035219644048b45f30afcb04ca01

  • SSDEEP

    384:aTTADuwXZAQ+XKlT4AybtvCwrMc+4jvkjvcK5MhsYilRt9VSTxM66YNT/IszFd26:aTTAawS21jybWUnUZS99/gK

Malware Config

Targets

    • Renames multiple (1009) files with added filename extension

      This suggests ransomware activity: encrypting all files on the system.

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks