General

  • Target: 1.msi
  • Size: 680KB
  • Sample: 230806-19mb1adg5x
  • MD5: 3035101d044a4425dbd5a523ace428c3
  • SHA1: f08ecf54bb93077fc32cef5f6915ce569e38bed1
  • SHA256: f4de4f89d51790fbcc5e69d1daec304ac0433179973bfcb1828c8691a0dc5e84
  • SHA512: d60db29c92f219c9f69debc1ad1c50cf74b858c2e9e2bd4ed00f2bb6e1e9c8bbf7e9240ec11cc7e46cafc2a0651a462f2c6c1c42824b913bedf747a1b1dae9d0
  • SSDEEP: 12288:z6hgTBOyy3AhX+JP4OduQDNZ4hxUxBjcyHnUaK6BpefgRY1bHzv7F/EfO:W+dIu+zduQDD4hxUYy0Z6B4flbHLtEW

Score: 10/10

Malware Config

Targets

    • Target: 1.msi
    • Size: 680KB
    • MD5: 3035101d044a4425dbd5a523ace428c3
    • SHA1: f08ecf54bb93077fc32cef5f6915ce569e38bed1
    • SHA256: f4de4f89d51790fbcc5e69d1daec304ac0433179973bfcb1828c8691a0dc5e84
    • SHA512: d60db29c92f219c9f69debc1ad1c50cf74b858c2e9e2bd4ed00f2bb6e1e9c8bbf7e9240ec11cc7e46cafc2a0651a462f2c6c1c42824b913bedf747a1b1dae9d0
    • SSDEEP: 12288:z6hgTBOyy3AhX+JP4OduQDNZ4hxUxBjcyHnUaK6BpefgRY1bHzv7F/EfO:W+dIu+zduQDD4hxUYy0Z6B4flbHLtEW

    Score: 10/10

    • Detect rhadamanthys stealer shellcode
    • Rhadamanthys
      Rhadamanthys is an info stealer written in C++, first seen in August 2022.
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Executes dropped EXE
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks