General

  • Target

    b93f7881155103cb85a167145bbe594b.bin.exe

  • Size

    7.4MB

  • Sample

    240804-jlyxfsvaqb

  • MD5

    4bbc93cc56bf15816d8ce4ddc23a6a17

  • SHA1

    d9f560d25157fc978c7b5c0f216c21958687a7d5

  • SHA256

    7716fc431a6486354a6f450cdd275e05c63ae8bb7614cf8ad4509e1c67427a95

  • SHA512

    46d359082e10b7c4b5b012678b99c8bb618b5190713aa9c7c972cef4bdec8a922bb3a30c4ef77b2d7b603e0c27cb64dd4312736c9c4830faa23a059e626a7152

  • SSDEEP

    98304:diMrdaUIJ3sxQvmzLvqwBOZTcjgxffDjqJbzEwqWfm1Rqvn:Yi68xQ+zLJOZwjgZ7CfaRSn

Malware Config

Extracted

Family

rhadamanthys

C2

https://109.120.185.28:443/e0bd9c1f4515facb49/gj28n35o.2n73x

Targets

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

    • Hijackloader family

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Rhadamanthys family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
