General
- Target: tmp
- Size: 2.0MB
- Sample: 230721-emgmcace9v
- MD5: ff4935241191b1017e3ef60e158fb28f
- SHA1: 464fd2f9530339ce4861c6d2e23dadee87084521
- SHA256: cc47a755cad89d339a18d728e66aa2ff7caadff4af4adfd03ff55c86487fb1b9
- SHA512: 1842801d7edbf5123920164ed3cf133f4c4ea2a2b1fd7c3b585de17c21e9fc9ba6a09596e02660ea394123ef76a0d22190114774ee685ac9c1ba225c9778709d
- SSDEEP: 12288:V7TFRh2N5x3BJm7ACTUGpzXn+2/zPObQEoOk:RFj2tjm7JTUGNXn+Bb4O
Static task
- static1
Behavioral task
- behavioral1: Sample tmp.exe, Resource win7-20230712-en
Behavioral task
- behavioral2: Sample tmp.exe, Resource win10v2004-20230703-en
Malware Config
Targets
- Target: tmp
- Size: 2.0MB
- MD5: ff4935241191b1017e3ef60e158fb28f
- SHA1: 464fd2f9530339ce4861c6d2e23dadee87084521
- SHA256: cc47a755cad89d339a18d728e66aa2ff7caadff4af4adfd03ff55c86487fb1b9
- SHA512: 1842801d7edbf5123920164ed3cf133f4c4ea2a2b1fd7c3b585de17c21e9fc9ba6a09596e02660ea394123ef76a0d22190114774ee685ac9c1ba225c9778709d
- SSDEEP: 12288:V7TFRh2N5x3BJm7ACTUGpzXn+2/zPObQEoOk:RFj2tjm7JTUGNXn+Bb4O
Score: 10/10
- Detect rhadamanthys stealer shellcode
- Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext