
General

  • Target: Audaclty latest.zip
  • Size: 244.2MB
  • Sample: 230202-fzfq9aha3t
  • MD5: 4697afa6acce62f9b005984af63de91b
  • SHA1: b8a2d318b7f872ecf7fd82707fe4f72ef75fb2ca
  • SHA256: 077da5d4ac88e264a28ccadbe976cd2b15097fd51c7301c9213a54e9b511aec4
  • SHA512: 635fdd735aaeae2c8d54b3da2dc596056c14bd8389354da990c19e8283ce916cb57ea39d07e4f4822233e57cfb72f428d4051696ac2ad2dbf46a1d75db36cd41
  • SSDEEP: 6291456:sDwEZTxkSqb4j1EFxp2Ntj4yx9F0uBMPjXZ4DOhSE:sDwEZTKS8kGfpMjHGDTZ4DOhD

Malware Config

Targets

    • Target: About/samples/aspnetmvc/.nuget/nuget.exe
    • Size: 605KB
    • MD5: 8d2a432dbe2e5eb4e9224069b6980ff4
    • SHA1: db492c4756b3231f429dcb71da15b0fa4d730515
    • SHA256: 1638c083198f2f684234c6a9cc4a33bb56739a7bc88b92838ed19740ddb1bf27
    • SHA512: e1861d5ab121f12fa620ee9e968fec99fd8bb53e3d7461e000a0a6bd83fc23cb901fafb7f47bc43a17a69c6215b986ee7db83f2a4de29bed210374c000a24ff6
    • SSDEEP: 6144:+QzBb6AA2annHQ7812hvqZlZVGv0CTv5Sf5RlrV1vimS88H7L57niwRT9/gH2LEP:tzBb22akS2hvoxFVJimW1RT9/wX+
    • Score: 1/10

    • Target: About/samples/aspnetmvc/libraries/Pscx/Apps/EchoArgs.exe
    • Size: 12KB
    • MD5: b9df69bc56e095291233335da74413a9
    • SHA1: f252849b60198cdf4deebaeb23a30c99ccf37300
    • SHA256: 4d74cd03d10eccac8dd8cca7b6e65f7c8f66770ffe3779a4e8cd05234dfb557b
    • SHA512: bc73f41d1e0b6b13dda4da079003a309c62923d9756adcd6c70864d0d09ea48540cd82f43851b15468e0b9241f252cb09f15fdcd36f6adcd0215560a688ed7fe
    • SSDEEP: 96:wySn+xpIKqzNtdq3CDxX4vH2oZOJjcD2ArH2GntOuWDeXtz1H2HYOksKLTpIoH2x:vxfM7EkX4fTAYTbOuWaNMYO6K6CYbYR
    • Score: 1/10

    • Target: About/samples/aspnetmvc/libraries/Pscx/Apps/less.exe
    • Size: 152KB
    • MD5: 1b9c86bed018d37cbeda49cf92eac52b
    • SHA1: 1cd19c8db1917cf32bfe1f66a16e3964762e5b93
    • SHA256: ddcf4606772f675b3bc76402cfaacf65bc63cbe1b0514c0639bab09764617e7a
    • SHA512: d1fd089d22f4fbf9d2aa1d0a83b877ad6ee1f758d4785592996a0cc20cdae51a2c2d1024caa9122e5d3bf41103eca406ccf4c6cc97f60b585ce9873eba12664d
    • SSDEEP: 3072:SANL2naAJl6CV87/+s9BXbwL0Jp6cw+6yZ722L9XSlXoRUW0:tLOY7zL3phV7249Xe
    • Score: 1/10

    • Target: About/samples/aspnetmvc/libraries/Pscx/Apps/lesskey.exe
    • Size: 56KB
    • MD5: 6267b0ce0ccab6e587c2b68dc13df5dd
    • SHA1: 5affd0da64306de00711a86b2175c940ded98062
    • SHA256: 0b89baddbc4ac718c753daef08ea3c1aed7b35f8957e4f8687eabb0c1bc30ba0
    • SHA512: d56da145e1f10c032c446a21fd2a7f3cb1852e2c96d7563fed01296656875fcd05cc5c644711fac3e5371c132140734e9ae24b68a9707a22db61ec167b0e5fce
    • SSDEEP: 768:BqI0FSHh8bHEQX3SNobCBrgyz2A6fn2shpoKvp6:BlOtr3iNoMUyz2A6fnhoK
    • Score: 1/10

    • Target: About/samples/aspnetmvc4/.nuget/nuget.exe
    • Size: 605KB
    • MD5: 8d2a432dbe2e5eb4e9224069b6980ff4
    • SHA1: db492c4756b3231f429dcb71da15b0fa4d730515
    • SHA256: 1638c083198f2f684234c6a9cc4a33bb56739a7bc88b92838ed19740ddb1bf27
    • SHA512: e1861d5ab121f12fa620ee9e968fec99fd8bb53e3d7461e000a0a6bd83fc23cb901fafb7f47bc43a17a69c6215b986ee7db83f2a4de29bed210374c000a24ff6
    • SSDEEP: 6144:+QzBb6AA2annHQ7812hvqZlZVGv0CTv5Sf5RlrV1vimS88H7L57niwRT9/gH2LEP:tzBb22akS2hvoxFVJimW1RT9/wX+
    • Score: 1/10

    • Target: About/samples/aspnetmvc4/libraries/Pscx/Apps/EchoArgs.exe
    • Size: 12KB
    • MD5: b9df69bc56e095291233335da74413a9
    • SHA1: f252849b60198cdf4deebaeb23a30c99ccf37300
    • SHA256: 4d74cd03d10eccac8dd8cca7b6e65f7c8f66770ffe3779a4e8cd05234dfb557b
    • SHA512: bc73f41d1e0b6b13dda4da079003a309c62923d9756adcd6c70864d0d09ea48540cd82f43851b15468e0b9241f252cb09f15fdcd36f6adcd0215560a688ed7fe
    • SSDEEP: 96:wySn+xpIKqzNtdq3CDxX4vH2oZOJjcD2ArH2GntOuWDeXtz1H2HYOksKLTpIoH2x:vxfM7EkX4fTAYTbOuWaNMYO6K6CYbYR
    • Score: 1/10

    • Target: About/samples/aspnetmvc4/libraries/Pscx/Apps/less.exe
    • Size: 152KB
    • MD5: 1b9c86bed018d37cbeda49cf92eac52b
    • SHA1: 1cd19c8db1917cf32bfe1f66a16e3964762e5b93
    • SHA256: ddcf4606772f675b3bc76402cfaacf65bc63cbe1b0514c0639bab09764617e7a
    • SHA512: d1fd089d22f4fbf9d2aa1d0a83b877ad6ee1f758d4785592996a0cc20cdae51a2c2d1024caa9122e5d3bf41103eca406ccf4c6cc97f60b585ce9873eba12664d
    • SSDEEP: 3072:SANL2naAJl6CV87/+s9BXbwL0Jp6cw+6yZ722L9XSlXoRUW0:tLOY7zL3phV7249Xe
    • Score: 1/10

    • Target: About/samples/aspnetmvc4/libraries/Pscx/Apps/lesskey.exe
    • Size: 56KB
    • MD5: 6267b0ce0ccab6e587c2b68dc13df5dd
    • SHA1: 5affd0da64306de00711a86b2175c940ded98062
    • SHA256: 0b89baddbc4ac718c753daef08ea3c1aed7b35f8957e4f8687eabb0c1bc30ba0
    • SHA512: d56da145e1f10c032c446a21fd2a7f3cb1852e2c96d7563fed01296656875fcd05cc5c644711fac3e5371c132140734e9ae24b68a9707a22db61ec167b0e5fce
    • SSDEEP: 768:BqI0FSHh8bHEQX3SNobCBrgyz2A6fn2shpoKvp6:BlOtr3iNoMUyz2A6fnhoK
    • Score: 1/10

    • Target: Audaclty latest versions.exe
    • Size: 754.1MB
    • MD5: 71143dc49774e3712f91d02bec493c09
    • SHA1: 9e596fb4d6ede862ac38a6a9507102f3c560519f
    • SHA256: 7571cc54653c769818a540b25537195176a4997a22ba273fab47d2429e8502ee
    • SHA512: e6988dbbb533ffd6e3b511b06e01925693ff1cf1bb9eb3228a83973adf44974e37b1d0155b4bb43074fec4ffda813ba36101d141ea691b90de65141725d7e97a
    • SSDEEP: 6144:eRH6o+yOQn0PlBZCBjPeMfoT5krV555555555555555555555555555555555558:c6lyY9GCmAz

    Signatures

    • Detect rhadamanthys stealer shellcode
    • Rhadamanthys
      Rhadamanthys is an info stealer written in C++, first seen in August 2022.
    • Blocklisted process makes network request
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials.
    • Accesses Microsoft Outlook profiles
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks