General

Target: 083b5ff18230518a7726e0701b6cb24e.bin
Size: 1.4MB
Sample: 230130-p82jraad65
MD5: 6f7f5485f7efcb49f26cb2f2c5e6708a
SHA1: 69d6030fe072780362f29d9e9a3ce957760fda65
SHA256: a3f51710d2f3c308f59e9dad84254b703cf9fd30c360834ab8478247e517f176
SHA512: 110fafba69618b7870203cc31413fb716c9c030b0cfdb047514a3c1c5900e42a5e19296078ad32ac257f03e5b9b6ef6a09ce6be88e957e1ec6ecacc29fac5984
SSDEEP: 24576:JyUDdhx5Xuw5xDm8g/kU4FWWnILit3t2t3gV4p6ZyFoh9V1TykBOHHKWMSMDUCTQ:ogVP5x68HU4gHPhK4c9VllBlNSATNDmD

Static task: static1

Behavioral task: behavioral1
Sample: 4640e5b9817fd35d92b0d0687003576c75fd4e0df34bcfa0008c6ca3450a8f6d.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: 4640e5b9817fd35d92b0d0687003576c75fd4e0df34bcfa0008c6ca3450a8f6d.exe
Resource: win10v2004-20220812-en
Malware Config

Targets

Target: 4640e5b9817fd35d92b0d0687003576c75fd4e0df34bcfa0008c6ca3450a8f6d.exe
Size: 2.0MB
MD5: 083b5ff18230518a7726e0701b6cb24e
SHA1: 4f20797af1ac735c735a10f57bf5e643c5418265
SHA256: 4640e5b9817fd35d92b0d0687003576c75fd4e0df34bcfa0008c6ca3450a8f6d
SHA512: 62c3da115e2628b45fa2afb8f5f9f15503db1d0c41a35aac18a4c7c1128e8d2b8aea0c386d20c08b9bfe55ca5791365fd4e84a3029a68396061156fbb7952dd7
SSDEEP: 24576:Jj9GViAmhHq2cDn9d2QKnqEtmwIqNc7COKIYJjQDQke35GCBBtEtw4ZvG0b0/6N8:J97A9itGojQ0FCtdZ+0bHNUt
Score: 10/10

Signatures
- Detect rhadamanthys stealer shellcode
- Detects LgoogLoader payload
- LgoogLoader: a downloader capable of dropping and executing other malware families.
- Rhadamanthys: an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
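The report above lists two records with different hashes: the submitted .bin (1.4MB) and the analysed .exe (2.0MB), and the .bin's filename is the MD5 of that .exe. The following Python script is an added example, not part of the sandbox page or of any vendor's tooling. It parses this flattened key/value dump into records, validates that each hash field is well-formed, makes the filename/MD5 link between the two records explicit, and compares a local file's hashes against a record so that an analyst can confirm a downloaded sample actually matches what the report describes. The REPORT string is copied (abridged) from the page; the bytes hashed at the bottom are a constructed placeholder, because the sample itself is not embedded here. The function and variable names are this example's own.

```python
import hashlib
import re

# Input copied (abridged) from the report on this page; the '-' lines are the
# list-bullet residue that the flattened dump carries between fields.
REPORT = """General
-
Target
083b5ff18230518a7726e0701b6cb24e.bin
-
Size
1.4MB
-
MD5
6f7f5485f7efcb49f26cb2f2c5e6708a
-
SHA256
a3f51710d2f3c308f59e9dad84254b703cf9fd30c360834ab8478247e517f176
Targets
-
Target
4640e5b9817fd35d92b0d0687003576c75fd4e0df34bcfa0008c6ca3450a8f6d.exe
-
MD5
083b5ff18230518a7726e0701b6cb24e
-
SHA256
4640e5b9817fd35d92b0d0687003576c75fd4e0df34bcfa0008c6ca3450a8f6d
Score10/10-
Detect rhadamanthys stealer shellcode
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
VALUE_KEYS = set(HASH_LEN) | {"Target", "Size", "SSDEEP"}


def parse_report(text):
    """Group 'key / value' line pairs into records.

    The first 'Target' after 'General' is the submitted file; each 'Target'
    after 'Targets' is an analysed file. 'ScoreN/M' becomes an (N, M) tuple.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]  # drop bullet residue
    result = {"general": None, "targets": [], "score": None}
    section, current, i = None, None, 0
    while i < len(lines):
        line = lines[i]
        score = re.fullmatch(r"Score(\d+)/(\d+)-?", line)
        if score:
            result["score"] = (int(score.group(1)), int(score.group(2)))
        elif line in ("General", "Targets"):
            section = line
        elif line in VALUE_KEYS and i + 1 < len(lines):
            if line == "Target":  # every Target line opens a new record
                current = {}
                if section == "General":
                    result["general"] = current
                else:
                    result["targets"].append(current)
            if current is not None:
                current[line] = lines[i + 1]
            i += 1  # the value line has been consumed as well
        i += 1
    return result


def validate_hash_fields(record):
    """Names of hash fields whose value is not lowercase hex of the right length."""
    return [key for key, n in HASH_LEN.items()
            if key in record and not re.fullmatch(r"[0-9a-f]{%d}" % n, record[key])]


def find_wrapper_link(report):
    """Return the analysed target whose MD5 is the submitted file's name stem.

    On this page the submitted '.bin' is named after the MD5 of the listed
    '.exe'; this makes that relationship explicit instead of leaving the
    reader to spot two matching 32-character strings.
    """
    general = report["general"] or {}
    stem = general.get("Target", "").rsplit(".", 1)[0].lower()
    for target in report["targets"]:
        if stem and target.get("MD5", "").lower() == stem:
            return target.get("Target")
    return None


def verify_file_hashes(data, record):
    """Hash `data` with every algorithm the record lists; return the mismatches."""
    mismatches = {}
    for key in HASH_LEN:
        if key in record:
            actual = hashlib.new(key.lower(), data).hexdigest()
            if actual != record[key].lower():
                mismatches[key] = (record[key], actual)
    return mismatches


if __name__ == "__main__":
    parsed = parse_report(REPORT)
    print("submitted file:", parsed["general"]["Target"])
    print("named after target:", find_wrapper_link(parsed))
    print("score:", parsed["score"])
    # Constructed placeholder bytes: the real sample is not embedded on the page.
    print("mismatches vs report:", sorted(verify_file_hashes(b"placeholder", parsed["targets"][0])))
```

To check a real download, read the file as bytes and pass it to `verify_file_hashes` with the target record; an empty result means every listed digest matched, and a non-empty one tells you which algorithm disagreed and what the local value was. The script only links records by filename stem and MD5; it does not claim how the .bin and the .exe are related beyond that naming.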