Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    tmp

  • Size

    2.0MB

  • Sample

    230721-emgmcace9v

  • MD5

    ff4935241191b1017e3ef60e158fb28f

  • SHA1

    464fd2f9530339ce4861c6d2e23dadee87084521

  • SHA256

    cc47a755cad89d339a18d728e66aa2ff7caadff4af4adfd03ff55c86487fb1b9

  • SHA512

    1842801d7edbf5123920164ed3cf133f4c4ea2a2b1fd7c3b585de17c21e9fc9ba6a09596e02660ea394123ef76a0d22190114774ee685ac9c1ba225c9778709d

  • SSDEEP

    12288:V7TFRh2N5x3BJm7ACTUGpzXn+2/zPObQEoOk:RFj2tjm7JTUGNXn+Bb4O

Malware Config

Targets

    • Target

      tmp

    • Size

      2.0MB

    • MD5

      ff4935241191b1017e3ef60e158fb28f

    • SHA1

      464fd2f9530339ce4861c6d2e23dadee87084521

    • SHA256

      cc47a755cad89d339a18d728e66aa2ff7caadff4af4adfd03ff55c86487fb1b9

    • SHA512

      1842801d7edbf5123920164ed3cf133f4c4ea2a2b1fd7c3b585de17c21e9fc9ba6a09596e02660ea394123ef76a0d22190114774ee685ac9c1ba225c9778709d

    • SSDEEP

      12288:V7TFRh2N5x3BJm7ACTUGpzXn+2/zPObQEoOk:RFj2tjm7JTUGNXn+Bb4O

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks