General

  • Target: setup.exe
  • Size: 337KB
  • Sample: 230414-bedc6sgg2z
  • MD5: 549b4969e6c19a9da8cc01cc569ebda1
  • SHA1: ce157b8936f936f4b4475c104636a941ac5b80b1
  • SHA256: d5c4f26dc62481afd19c0f66a0955270eb5a1aaec1d49da9aff2e0038656370c
  • SHA512: 433851f5d4b84d9c1f1dca2c8d824b8a21c2242344fbaf16e0d124cc854c3499279f8c0ba5e78ee418a0b9c9f929db09e8633ea13fbc5c41c13e810e52eae89a
  • SSDEEP: 6144:H8Crle4ePCnBZFALyInuUI1VZmdaXR/fYhppCAr:H8CrlePCnzFAvndvaB/3

Malware Config

Extracted

Family: rhadamanthys

C2: http://179.43.142.201/img/favicon.png

Targets

    • Detect rhadamanthys stealer shellcode
    • Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks