General
Target: view
Size: 83KB
Sample: 240325-we3naaee75
MD5: ea11b9f8283f67be10f3c70d5f5fa778
SHA1: dbcbab7679ea4f1956072f69b16279f78af1a39a
SHA256: 19deb2fb64f5f87160e3608268f86803ea624a5433b52e572e9392905ed0c434
SHA512: f00ca799e88e20588dc60c26e392c3b1dfd0446cbaa128dd68a126b9ab11bdcf2181b87be040a9b3e765f9f1e301fd904e3867f33847a9d71f182b20a0991b1d
SSDEEP: 1536:NbuBJO8zzNVpnLnTMxDfnr/O9DwCIM4tWR+13C:wBUgIxDab5
Static task: static1
Behavioral task: behavioral1
Sample: view.html
Resource: win10v2004-20240226-en
Malware Config
Extracted: https://iigggkkl.monster/newdrop.bs64
Targets
Target: view (83KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext