General
-
Target
agreement.zip
-
Size
4.4MB
-
Sample
250319-xnq7aatrw8
-
MD5
f1d9bc350ac56533f0a66b5fd91638a8
-
SHA1
09681b217b5b449f2afc9e698b42b39d859ec746
-
SHA256
55043d7a46d6af5c01cc976b83d2aef464ab1a6c8a5d3aab78e98f5dcaf3d087
-
SHA512
f3ebf003a6eb82ac99f03b002c0586476478a511677432be2c0516999821f21da807b4db3c49c9cddf88a5353d5f2987bcaf93be60f2a3ee54312805022ee48b
-
SSDEEP
98304:McCt7twUsagEsyArkiPSdxNU9si43etVfC3lxFXI2qDxBIF6mwma1B4:RCt7tw9EsZJGuPC3lxqDxBNm81u
Static task
static1
Behavioral task
behavioral1
Sample
agreement.msi
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
agreement.msi
Resource
win10v2004-20250314-en
Malware Config
Targets
-
-
Target
agreement
-
Size
4.4MB
-
MD5
4eba0ef4de1fc24c1da0af9a2cf241bd
-
SHA1
95db57022873966109111c79676e23669b70da20
-
SHA256
6e3c1e99ff62da0a2ac7e2bc89d61b515743a8074eb6559ff4328c98b0a0b4b7
-
SHA512
724ce4c420016d0d637e6fddafc8739970de5cb79aab2b832edd675703c985ec5365493dfee7e1dc955f273bc8db8fa9aa23652a02560d681cfaa27cb1b5789c
-
SSDEEP
98304:paldb5xT4nnk+KxSex9qQGDxE2dFsJcHztt4KbJ58BiJTsNa:UlRTn+eSrv7fsaHzzL/MZN
-
Detects Rhadamanthys payload
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Rhadamanthys family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext