Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

ddd.ps1

windows7-x64

7

ddd.ps1

windows10-2004-x64

10

Resubmissions

07/03/2025, 19:55

250307-ynad7swms2 10

07/03/2025, 17:58

250307-wj7g2atzet 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ddd.ps1

  • Size

    2.4MB

  • Sample

    250307-wj7g2atzet

  • MD5

    5b322ca0eb9655beaf39e4453d141cd2

  • SHA1

    b556cbaf50c2b77fd73d4386f068f0bbffe7504d

  • SHA256

    b2082d4666cd9eb57896b04058438fad6a268e504d877b908ae276b3c68799fe

  • SHA512

    0648609146167599498b41bdb97c02eb0947ba03e44ee63c3448bd6b2508b4bd7054a63671c12120b01240bba810489da68e3f79dc2a7674447ad760127dcc1b

  • SSDEEP

    1536:P26vgn00oR/S7rdvtk76qu6p5LSTFPNWdD7uHzgjw8b560jSKkjptOVNjC5GGQli:bYf

Score
10/10
rhadamanthysdiscoveryexecutionpersistencestealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://94.156.71.221:1485/ba9365b02ebb09b86/kscmx9w7.etux2

Targets

    • Target

      ddd.ps1

    • Size

      2.4MB

    • MD5

      5b322ca0eb9655beaf39e4453d141cd2

    • SHA1

      b556cbaf50c2b77fd73d4386f068f0bbffe7504d

    • SHA256

      b2082d4666cd9eb57896b04058438fad6a268e504d877b908ae276b3c68799fe

    • SHA512

      0648609146167599498b41bdb97c02eb0947ba03e44ee63c3448bd6b2508b4bd7054a63671c12120b01240bba810489da68e3f79dc2a7674447ad760127dcc1b

    • SSDEEP

      1536:P26vgn00oR/S7rdvtk76qu6p5LSTFPNWdD7uHzgjw8b560jSKkjptOVNjC5GGQli:bYf

    Score
    10/10
    executionpersistencerhadamanthysdiscoverystealer

    • Detects Rhadamanthys payload

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Rhadamanthys family

      rhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks