General

  • Target

    5518e24938aa7a1fee3da824d88065472d1ceeef40727741845de2cbb8bdcda4

  • Size

    410KB

  • Sample

    230420-yea95sca26

  • MD5

    ed5d75367cf200ddbf6b7458af48b2ba

  • SHA1

    f237a63dee39c60ba717722f4af6043907c06872

  • SHA256

    5518e24938aa7a1fee3da824d88065472d1ceeef40727741845de2cbb8bdcda4

  • SHA512

    8157aa84372a29f0900fab5e9127817fd0f61b4fcfb8e28e8fc1e2a2475b13a65a61103d7f34fe8ad9d488bc03c9149bdd0db075da97a614ead4667c800d0f4f

  • SSDEEP

    6144:oOVE0CL8rcTzMxHD1xNh8En3V3ob/FLDP35AwmlsFW:VV/CLccTzM1DNh8E3loVP34GFW

Malware Config

Extracted

Family

rhadamanthys

C2

http://179.43.142.201/img/favicon.png
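Added example, not part of the tria.ge report: Python that takes the report's own identifiers (the file digests listed under General and the C2 URL extracted above) and uses them the way a responder would. It verifies that a local copy of a file is the same sample the report describes by recomputing all four digests, and it sweeps proxy log lines for requests to the C2, matching the exact URL and, separately, any other request to the same host, since a path like /img/favicon.png is chosen to look like ordinary web traffic. The proxy log format, the client IPs and the log lines are constructed for this example and are not from the report; the hashes and URL are copied from it.

```python
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "ed5d75367cf200ddbf6b7458af48b2ba",
    "sha1": "f237a63dee39c60ba717722f4af6043907c06872",
    "sha256": "5518e24938aa7a1fee3da824d88065472d1ceeef40727741845de2cbb8bdcda4",
    "sha512": "8157aa84372a29f0900fab5e9127817fd0f61b4fcfb8e28e8fc1e2a2475b13a65a61103d7f34fe8ad9d488bc03c9149bdd0db075da97a614ead4667c800d0f4f",
}
C2_URL = "http://179.43.142.201/img/favicon.png"


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists for a file's contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(hashes: dict, report: dict = REPORT_HASHES) -> bool:
    """True only when every digest agrees with the report (case-insensitive hex).

    SHA256 alone would identify the file; comparing all four simply means a
    mismatch on any of them proves the local file is not the reported sample.
    """
    return all(hashes.get(k, "").lower() == v.lower() for k, v in report.items())


# Assumed (constructed) proxy log format: "<ts> <client_ip> <method> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def scan_proxy_log(lines, c2_url: str = C2_URL):
    """Return (client, url, reason) for every request to the C2 URL or its host."""
    c2 = urlparse(c2_url)
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the sweep
        u = urlparse(m["url"])
        if u.hostname == c2.hostname and u.path == c2.path:
            hits.append((m["client"], m["url"], "exact C2 URL"))
        elif u.hostname == c2.hostname:
            hits.append((m["client"], m["url"], "same host as C2"))
    return hits


# Constructed log lines for the example; the timestamps and client IPs are invented.
SAMPLE_LOG = [
    "2023-04-20T15:44:01Z 10.0.0.12 GET http://179.43.142.201/img/favicon.png 200",
    "2023-04-20T15:44:03Z 10.0.0.12 GET http://179.43.142.201/img/logo.png 404",
    "2023-04-20T15:45:10Z 10.0.0.33 GET http://example.com/favicon.ico 200",
    "not a log line",
]

if __name__ == "__main__":
    for client, url, reason in scan_proxy_log(SAMPLE_LOG):
        print(f"{client} -> {url} [{reason}]")
    # To check a local file: matches_report(hash_bytes(open(path, "rb").read()))
```

Run against a real file with `matches_report(hash_bytes(open(path, "rb").read()))`; a `False` result means the file on disk is not the sample this report analysed, and its own hashes should be looked up before relying on this report's configuration.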

Targets

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks