General

Target: file.exe
Size: 1.8MB
Sample: 230123-ejg4psbf58
MD5: 9939636c25206396c4919d90777f814d
SHA1: 8cc2b7ea3cc5f67e76ba7d705dc97c91f4f8cb1a
SHA256: fee142712ee9fba0c3cc57b4e314480bf976e4b1707bbeb202a58ca2b98f39bd
SHA512: ada7df35959ab619ae45319a32f167fbcffb3d0266859d984e38fc343e7961d7d6105aef0254047ddfe0f1fcdfd3a826364ba6b117dafdf5155c541c32a33b08
SSDEEP: 49152:VeD4m8wmppTlh/hn8K7/DEdgcWkygLudab3zzG:VeEm8wmppTlhpnp/4degLfe
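The following is an added example, not part of the report or of the sandbox's tooling. It shows how an analyst checks that a file in hand is the sample this report describes: it recomputes the four digests, lists any that differ from the report's values, and parses the SSDEEP field into its block size and two chunks (ssdeep block sizes are always 3 * 2**n, so anything else is a malformed or truncated signature). SAMPLE_BYTES is a constructed placeholder because the sample itself is not on this page, so it will (correctly) report mismatches; hash_file(path) is the function to run against the real file.

```python
"""Verify a local file against the hashes listed in a sandbox report.

Added example, not part of the original report. REPORT_HASHES and
REPORT_SSDEEP are copied from the report; SAMPLE_BYTES is a constructed
stand-in because file.exe itself is not available here.
"""
import hashlib
import re

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Hashes exactly as published in the report (General / Targets sections).
REPORT_HASHES = {
    "md5": "9939636c25206396c4919d90777f814d",
    "sha1": "8cc2b7ea3cc5f67e76ba7d705dc97c91f4f8cb1a",
    "sha256": "fee142712ee9fba0c3cc57b4e314480bf976e4b1707bbeb202a58ca2b98f39bd",
    "sha512": "ada7df35959ab619ae45319a32f167fbcffb3d0266859d984e38fc343e7961d7d6105aef0254047ddfe0f1fcdfd3a826364ba6b117dafdf5155c541c32a33b08",
}
REPORT_SSDEEP = "49152:VeD4m8wmppTlh/hn8K7/DEdgcWkygLudab3zzG:VeEm8wmppTlhpnp/4degLfe"

# Constructed placeholder content; the real sample is not included on the page.
SAMPLE_BYTES = b"abc"


def compute_hashes(data: bytes) -> dict:
    """Lowercase hex digests for the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def hash_file(path: str) -> dict:
    """Hash a file on disk in 1 MiB chunks so large samples need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def mismatches(actual: dict, expected: dict) -> list:
    """Algorithms whose digest differs from the report; empty means the file is the reported sample."""
    return sorted(name for name in expected
                  if actual.get(name, "").lower() != expected[name].lower())


# block_size ':' chunk ':' double_chunk, optionally followed by ,"filename" as ssdeep prints it.
SSDEEP_RE = re.compile(r'^(\d+):([A-Za-z0-9+/]*):([A-Za-z0-9+/]*)(?:,.*)?$')


def parse_ssdeep(sig: str) -> tuple:
    """Split an ssdeep signature into (block_size, chunk, double_chunk).

    ssdeep block sizes are 3 * 2**n; any other value means the field is
    damaged and must not be fed to a fuzzy-hash comparison.
    """
    m = SSDEEP_RE.match(sig.strip())
    if not m:
        raise ValueError("not an ssdeep signature: %r" % sig)
    block_size = int(m.group(1))
    q = block_size // 3
    if block_size % 3 or q == 0 or q & (q - 1):
        raise ValueError("invalid ssdeep block size: %d" % block_size)
    return block_size, m.group(2), m.group(3)


if __name__ == "__main__":
    bad = mismatches(compute_hashes(SAMPLE_BYTES), REPORT_HASHES)
    print("matches report" if not bad else "mismatch on: " + ", ".join(bad))
    print("ssdeep block size:", parse_ssdeep(REPORT_SSDEEP)[0])
```

Replace `compute_hashes(SAMPLE_BYTES)` with `hash_file("file.exe")` to check a real download; a mismatch on any single algorithm means it is not the analysed sample, whatever the file is named.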
Static task: static1

Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20221111-en
Malware Config
Targets

Target: file.exe
Size: 1.8MB
MD5: 9939636c25206396c4919d90777f814d
SHA1: 8cc2b7ea3cc5f67e76ba7d705dc97c91f4f8cb1a
SHA256: fee142712ee9fba0c3cc57b4e314480bf976e4b1707bbeb202a58ca2b98f39bd
SHA512: ada7df35959ab619ae45319a32f167fbcffb3d0266859d984e38fc343e7961d7d6105aef0254047ddfe0f1fcdfd3a826364ba6b117dafdf5155c541c32a33b08
SSDEEP: 49152:VeD4m8wmppTlh/hn8K7/DEdgcWkygLudab3zzG:VeEm8wmppTlhpnp/4degLfe
Score: 10/10
Detects Rhadamanthys stealer shellcode

Detects LgoogLoader payload

LgoogLoader
A downloader capable of dropping and executing other malware families.

Rhadamanthys
Rhadamanthys is an info stealer written in C++, first seen in August 2022.

Suspicious use of NtCreateUserProcessOtherParentProcess
The sample creates a process whose recorded parent is not the calling process (parent PID spoofing through the parent-process thread attribute). The child therefore does not appear under the sample in process-tree views, and detections that key on parent/child relationships will miss it.

Loads dropped DLL
The sample loads a DLL that it wrote to disk during the run.

Suspicious use of NtSetInformationThreadHideFromDebugger
NtSetInformationThread is called with ThreadHideFromDebugger (0x11), which stops the thread from delivering debug events to an attached debugger. This is an anti-analysis measure, not something legitimate software normally needs.

Suspicious use of SetThreadContext
The sample rewrites another thread's register context. This is the step in process hollowing and thread hijacking where the payload has been written into a target process and the thread's execution is redirected to it before the thread is resumed.
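The four behavioural signatures above describe a single injection pattern when read together. As an added example, not the sandbox's own detection code or format, the following replays a small API trace and raises each signature from the same evidence a sandbox would have: the Windows constants (ThreadHideFromDebugger = 0x11, CREATE_SUSPENDED = 0x4) are real; the trace record layout, the field names (parent_pid, new_tid, target_tid, info_class) and every event in TRACE are constructed for illustration.

```python
"""Replay a sandbox API trace and raise the behavioural signatures the
report lists. Added example: the trace layout, field names and the events
in TRACE are constructed and are not Triage's own format or data.
"""

THREAD_HIDE_FROM_DEBUGGER = 0x11   # ThreadInformationClass that blinds an attached debugger
CREATE_SUSPENDED = 0x00000004      # process-creation flag typical of hollowing

# Constructed trace: a loader drops and loads a DLL, hides its thread from
# debuggers, spawns a suspended child under a spoofed parent, writes into it
# and redirects the child's primary thread before resuming it.
TRACE = [
    {"pid": 1000, "tid": 1004, "api": "NtWriteFile",
     "args": {"path": r"C:\Users\Public\helper.dll"}},
    {"pid": 1000, "tid": 1004, "api": "LdrLoadDll",
     "args": {"path": r"C:\Users\Public\helper.dll"}},
    {"pid": 1000, "tid": 1004, "api": "NtSetInformationThread",
     "args": {"tid": 1004, "info_class": THREAD_HIDE_FROM_DEBUGGER}},
    {"pid": 1000, "tid": 1004, "api": "NtCreateUserProcess",
     "args": {"image": r"C:\Windows\System32\dllhost.exe", "parent_pid": 600,
              "flags": CREATE_SUSPENDED, "new_pid": 2000, "new_tid": 2004}},
    {"pid": 1000, "tid": 1004, "api": "NtWriteVirtualMemory",
     "args": {"target_pid": 2000}},
    {"pid": 1000, "tid": 1004, "api": "NtSetContextThread",
     "args": {"target_tid": 2004}},
    {"pid": 1000, "tid": 1004, "api": "NtResumeThread",
     "args": {"target_tid": 2004}},
]


def detect(trace):
    """Return the sorted list of signature names the trace triggers."""
    hits = set()
    written = set()          # file paths the traced process wrote during the run
    suspended = {}           # tid of a child created CREATE_SUSPENDED -> creator pid
    for ev in trace:
        api, a, pid = ev["api"], ev["args"], ev["pid"]
        if api == "NtWriteFile" and "path" in a:
            written.add(a["path"].lower())
        elif api in ("LdrLoadDll", "LoadLibraryW", "LoadLibraryExW"):
            # A DLL loaded from a path the sample itself wrote earlier in the run.
            if a.get("path", "").lower() in written:
                hits.add("Loads dropped DLL")
        elif api == "NtSetInformationThread":
            if a.get("info_class") == THREAD_HIDE_FROM_DEBUGGER:
                hits.add("Suspicious use of NtSetInformationThreadHideFromDebugger")
        elif api == "NtCreateUserProcess":
            # PPID spoofing: the parent-process attribute names a process other than the caller.
            if a.get("parent_pid", pid) != pid:
                hits.add("Suspicious use of NtCreateUserProcessOtherParentProcess")
            if a.get("flags", 0) & CREATE_SUSPENDED:
                suspended[a["new_tid"]] = pid
        elif api in ("NtSetContextThread", "SetThreadContext"):
            # Rewriting the primary thread of a child the caller created suspended.
            if suspended.get(a.get("target_tid")) == pid:
                hits.add("Suspicious use of SetThreadContext")
    return sorted(hits)


if __name__ == "__main__":
    for sig in detect(TRACE):
        print(sig)
```

The SetThreadContext rule deliberately requires that the target thread belong to a child the same process created suspended; a debugger or a profiler also calls SetThreadContext, so the call alone is weak evidence, whereas the suspended-child sequence is the hollowing pattern.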