lgoogloader | a3f51710d2f3c308f59e9dad84254b703cf9fd30c360834ab8478247e517f176 | Triage

Submit
Reports

Overview

overview

Static

static

4640e5b981...6d.exe

windows7-x64

1

4640e5b981...6d.exe

windows10-2004-x64

Sharing

General

Target

083b5ff18230518a7726e0701b6cb24e.bin
Size

1.4MB
Sample

230130-p82jraad65
MD5

6f7f5485f7efcb49f26cb2f2c5e6708a
SHA1

69d6030fe072780362f29d9e9a3ce957760fda65
SHA256

a3f51710d2f3c308f59e9dad84254b703cf9fd30c360834ab8478247e517f176
SHA512

110fafba69618b7870203cc31413fb716c9c030b0cfdb047514a3c1c5900e42a5e19296078ad32ac257f03e5b9b6ef6a09ce6be88e957e1ec6ecacc29fac5984
SSDEEP

24576:JyUDdhx5Xuw5xDm8g/kU4FWWnILit3t2t3gV4p6ZyFoh9V1TykBOHHKWMSMDUCTQ:ogVP5x68HU4gHPhK4c9VllBlNSATNDmD

Score

10^/10

lgoogloader rhadamanthys downloader stealer

Static task

static1

Behavioral task

behavioral1

Sample

4640e5b9817fd35d92b0d0687003576c75fd4e0df34bcfa0008c6ca3450a8f6d.exe

Resource

win7-20221111-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

4640e5b9817fd35d92b0d0687003576c75fd4e0df34bcfa0008c6ca3450a8f6d.exe

Resource

win10v2004-20220812-en

lgoogloader rhadamanthys downloader stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  4640e5b9817fd35d92b0d0687003576c75fd4e0df34bcfa0008c6ca3450a8f6d.exe
- Size
  
  2.0MB
- MD5
  
  083b5ff18230518a7726e0701b6cb24e
- SHA1
  
  4f20797af1ac735c735a10f57bf5e643c5418265
- SHA256
  
  4640e5b9817fd35d92b0d0687003576c75fd4e0df34bcfa0008c6ca3450a8f6d
- SHA512
  
  62c3da115e2628b45fa2afb8f5f9f15503db1d0c41a35aac18a4c7c1128e8d2b8aea0c386d20c08b9bfe55ca5791365fd4e84a3029a68396061156fbb7952dd7
- SSDEEP
  
  24576:Jj9GViAmhHq2cDn9d2QKnqEtmwIqNc7COKIYJjQDQke35GCBBtEtw4ZvG0b0/6N8:J97A9itGojQ0FCtdZ+0bHNUt
Score

10^/10

lgoogloader rhadamanthys downloader stealer
- Detect rhadamanthys stealer shellcode
- Detects LgoogLoader payload
- LgoogLoader
  A downloader capable of dropping and executing other malware families.
  downloader lgoogloader
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

lgoogloaderrhadamanthysdownloaderstealer

© 2018-2024

Terms | Privacy