General

  • Target

    file.exe

  • Size

    7.0MB

  • Sample

    240222-a326rshd2w

  • MD5

    c8db2f9f25b602a5767c4ef64e91edf5

  • SHA1

    e3cd3c6fb74566ec4bfd60d3b60caec663e4b70d

  • SHA256

    9d3e7d4692c6af50fd2a5f53aadff9af93494ec76523ecb5d8d58c0bb7239f0d

  • SHA512

    0a559392dd1bfa42e79332e96b4bc9f67a56ff1783e6437b92dbce79c4b9bdd0244004c2ab9f4260726640eb76ec1dcd86b5374f07e7aadb5d0d0248e1ac3faa

  • SSDEEP

    98304:k9EcV/SME07imZBM0cqXyQTbsC27fD4J09hoPbrzk56M:k9xVSMHjM04vCoM075QM

Malware Config

Extracted

Family

rhadamanthys

C2

https://94.156.8.76:4283/f4c10475f694ccdacf6c7/c7obtbv3.jwqfn

Targets

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Rhadamanthys family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks