General

  • Target: ch3tHUB.exe
  • Size: 2.3MB
  • Sample: 240225-s8cgeafa72
  • MD5: aaa141e36af7ec2ab10eb97fae862bbe
  • SHA1: 312aa1c0761b561d6ce065d35a744a205804ae85
  • SHA256: 5c8242a15f15acf2103be83a379c24b44bc5e5cd8adcb8fa9b93b4c3f5d576b0
  • SHA512: 0fe0b1d8053bc62898259cb3a49e316757316e81202bcc9b3718b734a6079f2460a6d79463d2a05e89e06762e0aee8ee5b67a3bd42004f5489e434ac79acc575
  • SSDEEP: 49152:x4vphxvoaq6x1yNx+mprM6eW/R9RDtSpTIdjIg0r:GhxJVx1y/+mprMARDtXjIg0r

Malware Config

Targets

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks