General
Target: b002e90f98f6643ade82b4d657b920bc.exe
Size: 1.6MB
Sample: 230130-xel6zadb8t
MD5: b002e90f98f6643ade82b4d657b920bc
SHA1: 2c56bae21ca4cc1d16c58a7f53add0a8ac54fa57
SHA256: 8a1197f828988b534acf6542b5ee75239c35fc94aeeee293e45d1d01d512b29d
SHA512: c0870f71a2d237f90a0bbf982fb69bae82391efb1bb0806af557a406d1d23ec7838e52ab4c8d8144feeec24cd827e78e1506310eab2b1fc831aef17f8cefa87c
SSDEEP: 24576:+7hfMeJ3ruTTdFkaasfMLAjJvrypuvGPp+2dhvj8OjzEJjug8q6x5h5T7U9NKLTj:YhfMeVrulF3LCJue5z8OjIJJi
Static task: static1
Behavioral task: behavioral1
  Sample: b002e90f98f6643ade82b4d657b920bc.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: b002e90f98f6643ade82b4d657b920bc.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: raccoon
  eb3a206cd939601b2a6d00ea009a6d7e
  http://195.123.241.57/
Targets
Target: b002e90f98f6643ade82b4d657b920bc.exe
Size: 1.6MB
- Detect rhadamanthys stealer shellcode
- Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext