General
- Target: 66f138849b45ba75c5e99484739c990056387b676eeadf66e32f1f27dd6b9c6d.exe
- Size: 935KB
- Sample: 250318-e1ckjst1gv
- MD5: e4fbe0286a7802d4a7cd91a3d55d9f3c
- SHA1: 320869f193d91388ae4c2337a91d7545ca0a201a
- SHA256: 66f138849b45ba75c5e99484739c990056387b676eeadf66e32f1f27dd6b9c6d
- SHA512: 36acfe26eded83721d7d35d9441342ea8e6a61da20ded05493e4cf9a88995ad52dedbd81229f3d31f670adf058b3e1696e8359af60e59dca8db847cd54daad9b
- SSDEEP: 24576:GbTeCswwSe/fDyBvSGy45nJtYsf8J7f7VvgWncL3f5llrINn9Ra7I7:8vdwH/LyBvg+JKsf8JzFgWcDf5m9M7m
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 66f138849b45ba75c5e99484739c990056387b676eeadf66e32f1f27dd6b9c6d.exe
  - Resource: win7-20241010-en

Behavioral task
- behavioral2
  - Sample: 66f138849b45ba75c5e99484739c990056387b676eeadf66e32f1f27dd6b9c6d.exe
  - Resource: win10v2004-20250314-en
Malware Config
- Extracted: rhadamanthys
- C2: https://94.156.8.103:2055/efc85e6acdfc3a785/r5erbrlf.2oeme
Targets
- Target: 66f138849b45ba75c5e99484739c990056387b676eeadf66e32f1f27dd6b9c6d.exe
- Size: 935KB
- Hashes: as listed under General (MD5, SHA1, SHA256, SHA512, SSDEEP)
- Score: 10/10

Signatures
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Rhadamanthys family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist