Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

cce988ce6f...7a.exe

windows7-x64

6

cce988ce6f...7a.exe

windows10-2004-x64

10

⠨/start.vbs

windows7-x64

⠨/start.vbs

windows10-2004-x64

⠨/temp.bat

windows7-x64

⠨/temp.bat

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cce988ce6f528e02009122396aa4149091dbee5fbe8bcaabffaaa88ae02b127a.exe

  • Size

    521KB

  • Sample

    250318-kjhyws1qw5

  • MD5

    068c05b9f062da142d266a374866d3bb

  • SHA1

    315726e1015e1e69cf9645bda713f463e93a8755

  • SHA256

    cce988ce6f528e02009122396aa4149091dbee5fbe8bcaabffaaa88ae02b127a

  • SHA512

    25358882e596ed9299ef714e2168a70e7bceace7fafc9f61e10e2fb58b480b97f31af86ef08e553cfe69546aa8b056b09df696d5fa9e07e2784392e8bbd87156

  • SSDEEP

    12288:xfL5njsVlNucSkkMxi+FAbPr+rr6K+u03mlw0lsp5ie:xfL5njMnOMxw26KY3t0lOAe

Score
10/10
rhadamanthysdiscoveryexecutionstealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://216.250.255.115:80/bed1f869ae125/aqbrhghr.uhmsf

Targets

    • Target

      cce988ce6f528e02009122396aa4149091dbee5fbe8bcaabffaaa88ae02b127a.exe

    • Size

      521KB

    • MD5

      068c05b9f062da142d266a374866d3bb

    • SHA1

      315726e1015e1e69cf9645bda713f463e93a8755

    • SHA256

      cce988ce6f528e02009122396aa4149091dbee5fbe8bcaabffaaa88ae02b127a

    • SHA512

      25358882e596ed9299ef714e2168a70e7bceace7fafc9f61e10e2fb58b480b97f31af86ef08e553cfe69546aa8b056b09df696d5fa9e07e2784392e8bbd87156

    • SSDEEP

      12288:xfL5njsVlNucSkkMxi+FAbPr+rr6K+u03mlw0lsp5ie:xfL5njMnOMxw26KY3t0lOAe

    Score
    10/10
    discoveryexecutionrhadamanthysstealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Rhadamanthys family

      rhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      ⠨/start.vbs

    • Size

      231B

    • MD5

      abe1dd23ab4c11aae54f1898c780c0b5

    • SHA1

      bb2f974b3e0af2baa40920b475582bfd4fb28001

    • SHA256

      89054e19532a9a62ca3403a8899495bf6f06557ff886b475a04227eb8aba7b12

    • SHA512

      e9ec437a32301078ea69ce2f36dadab68315d5e56d94c4d579d3409ccbe0c9e00c3aed7baa0fa6d656fb8ed23213f4c01fb2d108c1a0ed11c58c76cd00f9a99d

    Score
    1/10
    behavioral3behavioral4

    • Target

      ⠨/temp.bat

    • Size

      545KB

    • MD5

      1ab2d7cc96ad2b86edf74d5497b45def

    • SHA1

      baac72428aaff76788b6e0056b720c6920d0e6f8

    • SHA256

      1e23a11308681733cff73f23933670c4350cec867042bbe5f7ff54a6dcc1dd83

    • SHA512

      8b5a456b4a4c97e28b6e90735eb9a006e8afbcd3d588e04b7bd3ab24e20ef80e37cc08412cc421c0f465c148f5b1c181ea798585865bd82f9861c1a7351194a1

    • SSDEEP

      12288:pXL/2B/pCj7B4yHitIswk1Z4+zES361vtspCHXVX+NaD4ZELB9R3:pXL/2TC/BdHPswStESqBHFONe5X3

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks