Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

PDF Editor/Setup.exe

windows7-x64

10

PDF Editor/Setup.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PDF_Editor.rar

  • Size

    916KB

  • Sample

    230130-xdgj4adb7s

  • MD5

    4e9aba2bb4aaa1d36345000c9fe5f34f

  • SHA1

    927ff52a4dc3c9199db08bbc94da0a3f5d3240b9

  • SHA256

    8b7e4a85e6ea41caee36f287430d45350f3be89c3b616e28bb520cd0b6d69496

  • SHA512

    db7e9045aa114bcfcce0499515c26ee405cc14963ddc15d29f6c5b64b75d14ef0b1b177002f0fadb2635792b3ebfd75815cf137c53a7c10802f18966640f5d1c

  • SSDEEP

    24576:LHM/yh6MrWT5J7zuIeoXmpmHxjIQp4f19Oj0XW:DM/yh68WTv+1ummvU19OYXW

Score
10/10
rhadamanthyscollectiondiscoveryevasionspywarestealertrojan

Malware Config

Targets

    • Target

      PDF Editor/Setup.exe

    • Size

      2.2MB

    • MD5

      57eec9f4c439f340671dacfcf681d57e

    • SHA1

      d85ce1c62994c82d9c8ffcb91a1853a8c6214826

    • SHA256

      140f170d8b83611cb8897164be174495dc51961dc34fbccc9a714917cc341b8f

    • SHA512

      e105343b60bcfedd35d2b304f4d28f23e594db3a4f6b2e4ee00ad9240a34653150320514eca62c3336196e27ce2e6b17032818d34686602815aea6caf8a3e842

    • SSDEEP

      24576:yEG5HvVgakU0978UD+xESC+j5EJlTQNEux5PvuOEVi9RPXSqvmoh1WX/S4G75wAc:yxyCnUCg+kF+emEOjWuwP

    Score
    10/10
    rhadamanthyscollectiondiscoveryevasionspywarestealertrojan

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Blocklisted process makes network request

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks