General
Target: 28b50a1d9446426ee2f9fe1c9673251466d619955b20e79369528a6bd5058740
Size: 1.9MB
Sample: 230305-yrf16agg5y
MD5: 031c5fe51c3d7a0b7afcab3b915d4579
SHA1: 2aaf121bb7f6080ebc2757333916c4c07bedd3a8
SHA256: 28b50a1d9446426ee2f9fe1c9673251466d619955b20e79369528a6bd5058740
SHA512: 4579ad9aef244fba9ddfb5f1a58c3a72526ed75d04c0cfbf29cf5642756cc4d7ce9c599067d58683af123ae11f7bdc52c4b04873b56075ca8a3bc056ca7e7cfe
SSDEEP: 24576:n1INpcCYHjuJtG+Gl0vGbO+IzixibLTolf49ygCl3Fhm+IsVCU2:1oc8JlTbEqygC4KVC
Static task: static1
Behavioral task: behavioral1
Sample: 28b50a1d9446426ee2f9fe1c9673251466d619955b20e79369528a6bd5058740.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: 28b50a1d9446426ee2f9fe1c9673251466d619955b20e79369528a6bd5058740
Size: 1.9MB
MD5: 031c5fe51c3d7a0b7afcab3b915d4579
SHA1: 2aaf121bb7f6080ebc2757333916c4c07bedd3a8
SHA256: 28b50a1d9446426ee2f9fe1c9673251466d619955b20e79369528a6bd5058740
SHA512: 4579ad9aef244fba9ddfb5f1a58c3a72526ed75d04c0cfbf29cf5642756cc4d7ce9c599067d58683af123ae11f7bdc52c4b04873b56075ca8a3bc056ca7e7cfe
SSDEEP: 24576:n1INpcCYHjuJtG+Gl0vGbO+IzixibLTolf49ygCl3Fhm+IsVCU2:1oc8JlTbEqygC4KVC
Score: 10/10
Detect rhadamanthys stealer shellcode
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext