General

  • Target

    2b2e95a48b3fb8c4c4cf15ed435cba20901264df8f80d86fb640394160ffc7b6

  • Size

    2.1MB

  • Sample

    230306-fe9tlaab8z

  • MD5

    5e301df2dbea93396ebca06768da3846

  • SHA1

    a723e38bded7a02aa51d08d0589a385406eaa9df

  • SHA256

    2b2e95a48b3fb8c4c4cf15ed435cba20901264df8f80d86fb640394160ffc7b6

  • SHA512

    809709579ed76aadfdeccb94b60d81f54cb1a5589bcc9cd6abb1479a1e096e417326387bdacd9cbebae2982a2a67300254911871a941d978b4bd65e8ecbb54e4

  • SSDEEP

    24576:idtm5KNlea8fiEpuNDS4LwGaVr0jEYnt7Fs1JaPGzfR69AwDUJ32Y0w4syC73A8a:+Tlea8fRkNhtwYnVCaSEy44r7i

Targets

    • Target

      2b2e95a48b3fb8c4c4cf15ed435cba20901264df8f80d86fb640394160ffc7b6

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
