Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2b2e95a48b3fb8c4c4cf15ed435cba20901264df8f80d86fb640394160ffc7b6
-
Size
2.1MB
-
Sample
230306-fe9tlaab8z
-
MD5
5e301df2dbea93396ebca06768da3846
-
SHA1
a723e38bded7a02aa51d08d0589a385406eaa9df
-
SHA256
2b2e95a48b3fb8c4c4cf15ed435cba20901264df8f80d86fb640394160ffc7b6
-
SHA512
809709579ed76aadfdeccb94b60d81f54cb1a5589bcc9cd6abb1479a1e096e417326387bdacd9cbebae2982a2a67300254911871a941d978b4bd65e8ecbb54e4
-
SSDEEP
24576:idtm5KNlea8fiEpuNDS4LwGaVr0jEYnt7Fs1JaPGzfR69AwDUJ32Y0w4syC73A8a:+Tlea8fRkNhtwYnVCaSEy44r7i
Malware Config
Targets
-
-
Target
2b2e95a48b3fb8c4c4cf15ed435cba20901264df8f80d86fb640394160ffc7b6
-
Size
2.1MB
-
MD5
5e301df2dbea93396ebca06768da3846
-
SHA1
a723e38bded7a02aa51d08d0589a385406eaa9df
-
SHA256
2b2e95a48b3fb8c4c4cf15ed435cba20901264df8f80d86fb640394160ffc7b6
-
SHA512
809709579ed76aadfdeccb94b60d81f54cb1a5589bcc9cd6abb1479a1e096e417326387bdacd9cbebae2982a2a67300254911871a941d978b4bd65e8ecbb54e4
-
SSDEEP
24576:idtm5KNlea8fiEpuNDS4LwGaVr0jEYnt7Fs1JaPGzfR69AwDUJ32Y0w4syC73A8a:+Tlea8fRkNhtwYnVCaSEy44r7i
Score10/10-
Detect rhadamanthys stealer shellcode
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-