General

  • Target

    file.exe

  • Size

    354KB

  • Sample

    230320-q1tplsfg4w

  • MD5

    106a4c802d26a34f5ead4b9c15971c15

  • SHA1

    b09496a5df259e0c8cafaca963c8130262bb4577

  • SHA256

    44bbc70a8c46287e4fc94878b6c5c3d781b536ceef5e544d680bfb2117324fc0

  • SHA512

    abc1dce6c0a0b9ca67f33b48dabc0764d6b8a1cfc56c4425325aded360040e66878779a7b445e4b9bf81f4f72b8343d9754c23fab6c63a9ae1c95fba69ff6f4a

  • SSDEEP

    3072:nvfa9u07L/FD/XUSzrtmb6AyHTHiS1XTura6LcGlH7cTDzbksK5sUJJhM:3MucL/FDvUSz0h2HiS16mnGVozIwUDh

Malware Config

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Suspicious use of NtSetInformationThreadHideFromDebugger