General

  • Target: file.exe
  • Size: 1.7MB
  • Sample: 230209-yh4qvsae44
  • MD5: 94a6093a131c6a9aac502bb5314fd1a9
  • SHA1: 5f7907aa37b1d649884889970d47d8d2eb05db13
  • SHA256: dc999c9387fdf2312df82d98d0efdab722010a333b6bce2250b3433ba98d8469
  • SHA512: aacf6f568bf2394bcf5b5c76c888eb6df68de55316e13464fbd79949d5c7ee3416c526e67aa333e382dc64c375f6b2db6686b62cc33b511de320201415061fde
  • SSDEEP: 49152:iXPyEEBuyH9Ul0s5kKZh48UVoBBIVKtVYSP:cyEed+w8UVcBIkt6o

Malware Config

Targets

    • Detect rhadamanthys stealer shellcode

    • Detects LgoogLoader payload

    • LgoogLoader

      A downloader capable of dropping and executing other malware families.

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks