General
Target: rdamy (1).zip
Size: 577KB
Sample: 240610-wpd3nsvhrj
MD5: 77a7361c39bc68feff4eec8c0be71226
SHA1: f3e6d9bb49c646dcfbaf8a97e056da0c06ec9ec5
SHA256: c864ab5ef50b025944037f9ee0feec332ca62a734f7650e6c411617d1b7dc174
SHA512: e86011b3d57096563b5c841fcf2086334bb8aac89042f388b385b1f24c1832de5f18e074b1983e3e3cf7ec39c72e29b7796d448e19ff9eae82455be078b5bc76
SSDEEP: 12288:+REEFAAyYO4y4P+6cGTpmO1uWaBO0GF9CqM:OEEtO4y4m6NFduW0OD6
Tasks
Static task: static1
Behavioral task behavioral1: sample g2m.dll, resource win7-20240220-en
Behavioral task behavioral2: sample g2m.dll, resource win10v2004-20240508-en
Behavioral task behavioral3: sample install.exe, resource win7-20240508-en
Behavioral task behavioral4: sample install.exe, resource win10v2004-20240426-en
Behavioral task behavioral5: sample run.bat, resource win7-20240221-en
Behavioral task behavioral6: sample run.bat, resource win10v2004-20240426-en
Malware Config

Targets

Target: g2m.dll
Size: 400KB
MD5: 9e0c959df25e74c80dfa5adba4eaa5c7
SHA1: 9c5a3ed851e32617b1b294bb2c749a60988439d1
SHA256: d1b14d951ccaafc14ab24992678b2fee915838bbc89a32944833268cbba10f68
SHA512: 36520d6e61833ce446b4e9f01c065bc08f47e91a3125305c5d0fe27f01f2cc19be59c9b4eacc6f0b8fc74536b718decccc7aa1aac8e9de5e685d1893e10a786a
SSDEEP: 6144:Nt262Yh8H++Xz5YRa5bfpLECjVllx76r2xaP23O/d120:HIF+8Rx4CJTx76r2xaYOO
Score: 3/10

Target: install.exe
Size: 39KB
MD5: f1b14f71252de9ac763dbfbfbfc8c2dc
SHA1: dcc2dcb26c1649887f1d5ae557a000b5fe34bb98
SHA256: 796ea1d27ed5825e300c3c9505a87b2445886623235f3e41258de90ba1604cd5
SHA512: 636a32fb8a88a542783aa57fe047b6bca47b2bd23b41b3902671c4e9036c6dbb97576be27fd2395a988653e6b63714277873e077519b4a06cdc5f63d3c4224e0
SSDEEP: 768:YRQnUhG5bZDOTpkdD82YbQkRFokFWIILPUh:FWObZDOTpk5T6zqAh
Score: 10/10
Family: Rhadamanthys (an info stealer written in C++, first seen in August 2022)
Signature: Suspicious use of NtCreateUserProcessOtherParentProcess

Target: run.bat
Size: 73B
MD5: ed0af6063e22a6abf2073ba2321a9731
SHA1: 0142b9f8e7518951113104f13e53c1fa24bd654a
SHA256: c9ee9421067791957a1382ef092232b20ed90ba30feb6bd2d6c16c86307e9e16
SHA512: 02c24d1189114ecacc78adcdd7e0e6331ac8c349e70b382ed964d2d57c9456e7891092cc5bf224a126522073b0164eec1eba3e5e16eff3c81254aba1d1ca9b88
Score: 10/10
Family: Rhadamanthys (an info stealer written in C++, first seen in August 2022)
Signature: Suspicious use of NtCreateUserProcessOtherParentProcess