General

  • Target: view
  • Size: 83KB
  • Sample: 240325-we3naaee75
  • MD5: ea11b9f8283f67be10f3c70d5f5fa778
  • SHA1: dbcbab7679ea4f1956072f69b16279f78af1a39a
  • SHA256: 19deb2fb64f5f87160e3608268f86803ea624a5433b52e572e9392905ed0c434
  • SHA512: f00ca799e88e20588dc60c26e392c3b1dfd0446cbaa128dd68a126b9ab11bdcf2181b87be040a9b3e765f9f1e301fd904e3867f33847a9d71f182b20a0991b1d
  • SSDEEP: 1536:NbuBJO8zzNVpnLnTMxDfnr/O9DwCIM4tWR+13C:wBUgIxDab5

Score: 10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://iigggkkl.monster/newdrop.bs64

Targets

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
