General
Target: 980f95b0766b6becd04bd1efd38f357fca9779b2a506273d25db81a93deadaaf
Size: 215KB
Sample: 221217-yavg8ahc94
MD5: 7556145940a7a9ff2e9a3339611e37cc
SHA1: 1253636bed1dad00ff1e44fbe5f40f4d0ec5398b
SHA256: 980f95b0766b6becd04bd1efd38f357fca9779b2a506273d25db81a93deadaaf
SHA512: 95713809db3f21f578d7e0699bd864e27a06832a45e228560bfe92dfe1ee5d35a797c04ae38103951dbe217c975cc675edb29efdacf4519ca6d65cefb2fbc097
SSDEEP: 6144:N9l9aLZX4s5pDayGfMWSPbt6wsg3CDLHU0V6:jlwlIsKNfpaYqSf0O
Static task: static1
Behavioral task: behavioral1
Sample: 980f95b0766b6becd04bd1efd38f357fca9779b2a506273d25db81a93deadaaf.exe
Resource: win10-20220812-en
Malware Config
Extracted: danabot
49.0.50.0:57
51.0.52.0:0
53.0.54.0:1200
55.0.56.0:65535
type: loader
Targets
Target: 980f95b0766b6becd04bd1efd38f357fca9779b2a506273d25db81a93deadaaf
Size: 215KB
MD5: 7556145940a7a9ff2e9a3339611e37cc
SHA1: 1253636bed1dad00ff1e44fbe5f40f4d0ec5398b
SHA256: 980f95b0766b6becd04bd1efd38f357fca9779b2a506273d25db81a93deadaaf
SHA512: 95713809db3f21f578d7e0699bd864e27a06832a45e228560bfe92dfe1ee5d35a797c04ae38103951dbe217c975cc675edb29efdacf4519ca6d65cefb2fbc097
SSDEEP: 6144:N9l9aLZX4s5pDayGfMWSPbt6wsg3CDLHU0V6:jlwlIsKNfpaYqSf0O
Score: 10/10
- Detect rhadamanthys stealer shellcode
- Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext