General
Target: PDF_Editor.rar
Size: 916KB
Sample: 230130-xdgj4adb7s
MD5: 4e9aba2bb4aaa1d36345000c9fe5f34f
SHA1: 927ff52a4dc3c9199db08bbc94da0a3f5d3240b9
SHA256: 8b7e4a85e6ea41caee36f287430d45350f3be89c3b616e28bb520cd0b6d69496
SHA512: db7e9045aa114bcfcce0499515c26ee405cc14963ddc15d29f6c5b64b75d14ef0b1b177002f0fadb2635792b3ebfd75815cf137c53a7c10802f18966640f5d1c
SSDEEP: 24576:LHM/yh6MrWT5J7zuIeoXmpmHxjIQp4f19Oj0XW:DM/yh68WTv+1ummvU19OYXW
Static task: static1
Behavioral task: behavioral1
  Sample: PDF Editor/Setup.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: PDF Editor/Setup.exe
  Resource: win10v2004-20220812-en
Malware Config
Targets
Target: PDF Editor/Setup.exe
Size: 2.2MB
MD5: 57eec9f4c439f340671dacfcf681d57e
SHA1: d85ce1c62994c82d9c8ffcb91a1853a8c6214826
SHA256: 140f170d8b83611cb8897164be174495dc51961dc34fbccc9a714917cc341b8f
SHA512: e105343b60bcfedd35d2b304f4d28f23e594db3a4f6b2e4ee00ad9240a34653150320514eca62c3336196e27ce2e6b17032818d34686602815aea6caf8a3e842
SSDEEP: 24576:yEG5HvVgakU0978UD+xESC+j5EJlTQNEux5PvuOEVi9RPXSqvmoh1WX/S4G75wAc:yxyCnUCg+kF+emEOjWuwP
Signatures
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext