General

  • Target: bootstrap.zip
  • Size: 2.3MB
  • Sample: 250210-s3qrvawmcp
  • MD5: 7ea5c504256572666654c6f12f100e87
  • SHA1: 428f7953eb3d96ccfe3fd55893def7d97f550e6c
  • SHA256: 498a264e7f2a6449c7886e1d7edffaff47dd3efbec822b093e501329734833ee
  • SHA512: 6b568da61ee2b3689cf8df371e25f531b3bdb98110da0edf782099c5fc61d98c501165defa35131cc0cf8faf641abedf4eff3259230c01dbcd375d80ca24d05d
  • SSDEEP: 49152:6yrXFFEbgA9jzBHwwQq0WDx3h1HNqXYls+FUdJ0zEQK2:/Fap3H1QArt+Yls+FUdCQL2

Malware Config

Targets

    • Target: bootstrap.zip
    • Size: 2.3MB
    • MD5: 7ea5c504256572666654c6f12f100e87
    • SHA1: 428f7953eb3d96ccfe3fd55893def7d97f550e6c
    • SHA256: 498a264e7f2a6449c7886e1d7edffaff47dd3efbec822b093e501329734833ee
    • SHA512: 6b568da61ee2b3689cf8df371e25f531b3bdb98110da0edf782099c5fc61d98c501165defa35131cc0cf8faf641abedf4eff3259230c01dbcd375d80ca24d05d
    • SSDEEP: 49152:6yrXFFEbgA9jzBHwwQq0WDx3h1HNqXYls+FUdJ0zEQK2:/Fap3H1QArt+Yls+FUdCQL2

    Signatures

    • Detects Rhadamanthys payload
    • Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
    • Rhadamanthys family
    • Enumerates VirtualBox registry keys
    • Looks for VirtualBox Guest Additions in registry
    • Downloads MZ/PE file
    • Looks for VMWare services registry key
    • Uses the VBS compiler for execution

MITRE ATT&CK Enterprise v15

Tasks