Resubmissions

  • 17/02/2024, 20:29: 240217-y9yzpabb28 (score 10)
  • 17/02/2024, 20:20: 240217-y4ry7aba54 (score 7)

General

  • Target: Launcher Setup 9.4.0.exe
  • Size: 80.5MB
  • Sample: 240217-y9yzpabb28
  • MD5: 5301c201d43582969608deb750c031d1
  • SHA1: e0c81f24c1e7dfdbdbe4b6a88f06c16be264dc44
  • SHA256: 0f2fc74204872d5d29737e90ace73bd23edaa2e5af8211669f2a90a0a4767ae7
  • SHA512: 6a3781a72503d9475362f95ca798f0e6798e57fc69c17ec0b3b857b199f6cf5fbe4e7a57987b8eefa2aad7a69f39b3212896ff997413012225da772c1f27c86d
  • SSDEEP: 1572864:92b+n6npC5ZhWkKV0mxFee1STuEWSzPGZq5xGGmG6qcK2V78QrOptItrjYpi:92Sn6npCokE0O1STuEWSCZqfGGdTtQrb

Score: 10/10

Malware Config

Targets

    • Target: $PLUGINSDIR/app-64.7z
    • Size: 80.0MB
    • MD5: 3ee37c0a040d01b12c017d5910d9d2a0
    • SHA1: 4722278c4de0742dcbaf92bbc73a1b0ecb44ab4a
    • SHA256: 0b749b5d1a9c699ddb5fec5ffd600ba7ca15f410e54bc6bc5f2f834f69a46cb4
    • SHA512: 6ad9ce42b0f0f0d2740b7899aaf776214f0ead4f649957e457150db38442f9a03d44ad74d7e60c59c4d38de57442cde360d3ce15bb05fee5d9fad87ab59f4ab5
    • SSDEEP: 1572864:ab+n6npC5ZhWkKV0mxFee1STuEWSzPGZq5xGGmG6qcK2V78QrOptItrjYpT:aSn6npCokE0O1STuEWSCZqfGGdTtQrOR

    Score: 10/10

    • Rhadamanthys
      Rhadamanthys is an info stealer written in C++, first seen in August 2022.
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks