Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Xeno[1].exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Xeno[1].exe

  • Size

    1.3MB

  • Sample

    250313-sh9dfsyk14

  • MD5

    0435617ec5199d7968cfe3aa59b00dd9

  • SHA1

    6391174a55a9f12ce962f62fad945fcc13456526

  • SHA256

    4919eb2ba14a5320af7060ec482746ad471d43e649a80965b3fdecc768dd2511

  • SHA512

    c1bc509ac05a6f0fa6440eca3ae78b302163a4b788d3d7b1f8ba1a74e11e784b365ca7c4ca09ccdfc2744d4903deffc08f7d38d4d26b3fcc8cbb061c2e7f08ff

  • SSDEEP

    24576:D3uitxLGgKbQO5adoRsKBL5sTAPCCkMnoMtq61jBa+g2e1J6s0vCm9K/1D2tIs+W:jrxXKbJadaJ5D3J/DxU+gr1Juam09mIC

Score
10/10
rhadamanthysdiscoverystealer

Malware Config

Targets

    • Target

      Xeno[1].exe

    • Size

      1.3MB

    • MD5

      0435617ec5199d7968cfe3aa59b00dd9

    • SHA1

      6391174a55a9f12ce962f62fad945fcc13456526

    • SHA256

      4919eb2ba14a5320af7060ec482746ad471d43e649a80965b3fdecc768dd2511

    • SHA512

      c1bc509ac05a6f0fa6440eca3ae78b302163a4b788d3d7b1f8ba1a74e11e784b365ca7c4ca09ccdfc2744d4903deffc08f7d38d4d26b3fcc8cbb061c2e7f08ff

    • SSDEEP

      24576:D3uitxLGgKbQO5adoRsKBL5sTAPCCkMnoMtq61jBa+g2e1J6s0vCm9K/1D2tIs+W:jrxXKbJadaJ5D3J/DxU+gr1Juam09mIC

    Score
    10/10
    rhadamanthysdiscoverystealer

    • Detects Rhadamanthys payload

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Rhadamanthys family

      rhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Enumerates processes with tasklist

      discovery
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks