General
Target: 2024-09-07_7d6a9c662d3313b3f858e7402ca13424_icedid_rhadamanthys
Size: 1.1MB
Sample: 240907-be3caswhkk
MD5: 7d6a9c662d3313b3f858e7402ca13424
SHA1: 19bb029f7d293be3dff664bf8f8da41ff637b0c2
SHA256: fe4cb814defa8a705926e5bde1958b91dc0bbb55d94e5863cccf131bfb8a1e96
SHA512: b85316df04509bf72885f94eec3dc1c6ac2d47be2bcf6c8d073ebcce118c9342292df9b6f22f31e5730e76f1dea2cee2a601e4b42928a0c662867a50d4627a0e
SSDEEP: 24576:pZhTYPY+5ayew4S1HYeE82okDn8J+BHkBS4qwo7I3Bou5vXOeZLWp3iLA:pvkr5a8F5YeEpocn8J+BHkBS4qwo7I3y
Static task: static1
Behavioral task: behavioral1
Sample: 2024-09-07_7d6a9c662d3313b3f858e7402ca13424_icedid_rhadamanthys.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2024-09-07_7d6a9c662d3313b3f858e7402ca13424_icedid_rhadamanthys.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
asyncrat
1.0.7
ENVIOSEP
windowsreportservice.duckdns.org:8848
VvSKPOa_nkuzuiiJTmshnA
delay: 1
install: false
install_folder: %AppData%
Targets
Target: 2024-09-07_7d6a9c662d3313b3f858e7402ca13424_icedid_rhadamanthys
Score: 10/10
Adds Run key to start application
Suspicious use of SetThreadContext