General

Target: cba50262e42c695572cd4591b025a3f81d28243faed9db98583af59639914be6
Size: 404.2MB
Sample: 230116-2awbasad3z
MD5: fcb4b9dfe2f6ed4504410160001d03a7
SHA1: 2b66273ea2797e5ba3e33582da6d0f91f5e7833c
SHA256: cba50262e42c695572cd4591b025a3f81d28243faed9db98583af59639914be6
SHA512: 3373699f165aab7cccfb6062ac3c3a49d76fc7591f971a76ce4e6d3eb7e1f0fdfad2d71a7632bd5013a44d8b718ef510f3198c87572f58d828c5d68a613a9efa
SSDEEP: 49152:At33d2m6BN4NPGonVbx5Y3Va5i/QWKxLBNZZcAt:iQozTG3Va5iYJxLB7ZcA
Static task: static1

Behavioral task: behavioral1
  Sample: cba50262e42c695572cd4591b025a3f81d28243faed9db98583af59639914be6.exe
  Resource: win7-20221111-en

Behavioral task: behavioral2
  Sample: cba50262e42c695572cd4591b025a3f81d28243faed9db98583af59639914be6.exe
  Resource: win10-20220812-en
Malware Config

Extracted: systembc
45.147.197.24:4001
80.89.234.122:4001
Targets

Target: cba50262e42c695572cd4591b025a3f81d28243faed9db98583af59639914be6
Score: 10/10

- Detect rhadamanthys stealer shellcode
- Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext