General

  • Target

    7bcf325993d873a5dc95ac8ffb5f25eb_JaffaCakes118

  • Size

    2KB

  • Sample

    240528-fts5dsgf95

  • MD5

    7bcf325993d873a5dc95ac8ffb5f25eb

  • SHA1

    d40d48977261656e9ebc98397baceb0d04539578

  • SHA256

    4b269a6e40b9b7c7c8068e046c1ff815ac917699943597e8a9e512ef60cc685f

  • SHA512

    c5f1ec4cb54e33d6541651531db9a771aeac817bb2ea94ee52b807984af4df029a64028c1c47d47c27611dfd3757fb144e2d0f91fda98828ddd1c7ba19593010

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

    URLs

  • ps1.dropper

    http://timebound.ug/pps.ps1

Targets

    • Target

      7bcf325993d873a5dc95ac8ffb5f25eb_JaffaCakes118

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
