General
-
Target
file.exe
-
Size
4.9MB
-
Sample
230120-zg1hgsbf7z
-
MD5
7dabec607b4872e1f64863dd68f18d82
-
SHA1
30798aa374bc4f37154e4fefb161cc41dab614f4
-
SHA256
ee8ea5570b0a2c9f6aef8e551cc0d3fbd0be45dc5c11c50ca7056eef2d85d77d
-
SHA512
a7ff811c169f9b46b0f789d85b71fb9b9b3dfc374fc1ae225d0e090c0eb29c178bc9fb7f7bdfe9158dedd681243e6150fdbe55896a2b6fb17f32ae694b0bcf7d
-
SSDEEP
98304:SIhSxS66DH5nm+UxPcHlYKB0hn5NeQJEFO2AlDmt8:SK66DH5dUxkFXBG02EWlDn
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
file.exe
-
Size
4.9MB
-
MD5
7dabec607b4872e1f64863dd68f18d82
-
SHA1
30798aa374bc4f37154e4fefb161cc41dab614f4
-
SHA256
ee8ea5570b0a2c9f6aef8e551cc0d3fbd0be45dc5c11c50ca7056eef2d85d77d
-
SHA512
a7ff811c169f9b46b0f789d85b71fb9b9b3dfc374fc1ae225d0e090c0eb29c178bc9fb7f7bdfe9158dedd681243e6150fdbe55896a2b6fb17f32ae694b0bcf7d
-
SSDEEP
98304:SIhSxS66DH5nm+UxPcHlYKB0hn5NeQJEFO2AlDmt8:SK66DH5dUxkFXBG02EWlDn
Score10/10-
Detect rhadamanthys stealer shellcode
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-