General
-
Target
d25cffb2218f3a928e86fa11cfc0934da096abdeaf2fbaa53eb3313ecdd89ee2
-
Size
1.7MB
-
Sample
230120-wgkkgsba5z
-
MD5
3db927e91aa47ba30e91c0aa6bc9cd31
-
SHA1
cad0e1f5ee6ddc8b4e0e785d034bcb793d03ac8a
-
SHA256
d25cffb2218f3a928e86fa11cfc0934da096abdeaf2fbaa53eb3313ecdd89ee2
-
SHA512
066d6783d29a435acd9cf81fa868b56376621fe45064a192799a809eb177eeacb0f39e126e6747d772b3125fb26db0d9f2e673655c928380d3d1ce55b2198e98
-
SSDEEP
49152:rRycJuiThl8k6xTU/gP0vSI2ok4tWIg3OM/:1ycJuiThl8k6x+gMvj2v4QIyOO
Static task
static1
Behavioral task
behavioral1
Sample
d25cffb2218f3a928e86fa11cfc0934da096abdeaf2fbaa53eb3313ecdd89ee2.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
d25cffb2218f3a928e86fa11cfc0934da096abdeaf2fbaa53eb3313ecdd89ee2
-
Size
1.7MB
-
MD5
3db927e91aa47ba30e91c0aa6bc9cd31
-
SHA1
cad0e1f5ee6ddc8b4e0e785d034bcb793d03ac8a
-
SHA256
d25cffb2218f3a928e86fa11cfc0934da096abdeaf2fbaa53eb3313ecdd89ee2
-
SHA512
066d6783d29a435acd9cf81fa868b56376621fe45064a192799a809eb177eeacb0f39e126e6747d772b3125fb26db0d9f2e673655c928380d3d1ce55b2198e98
-
SSDEEP
49152:rRycJuiThl8k6xTU/gP0vSI2ok4tWIg3OM/:1ycJuiThl8k6x+gMvj2v4QIyOO
Score10/10-
Detect rhadamanthys stealer shellcode
-
Detects LgoogLoader payload
-
LgoogLoader
A downloader capable of dropping and executing other malware families.
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-