General

Target: 7d64c0f845c06eaa305582902806bcdda2a63370ec425128dc85469b2c388b6d
Size: 2.4MB
Sample: 230307-fg975sgc7x
MD5: 143e1132bbb49d0de9d15e9d66cd210f
SHA1: 3b207925ed1abffba67c4d2fb676a086d998ab8c
SHA256: 7d64c0f845c06eaa305582902806bcdda2a63370ec425128dc85469b2c388b6d
SHA512: 5edc103dc1fc7969a4789832059e4917a891c3a31825f65a2bbe6299d63a1757acb7dc18f0c91a31fd125a718edaa1ec8e3361ca5de9be05aad64a9932de1448
SSDEEP: 49152:ExumC8c+cbucGjh2J6ttnNrMPL0cFOjG:
Static task: static1

Behavioral task: behavioral1
Sample: 7d64c0f845c06eaa305582902806bcdda2a63370ec425128dc85469b2c388b6d.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 7d64c0f845c06eaa305582902806bcdda2a63370ec425128dc85469b2c388b6d.exe
Resource: win10-20230220-en
Malware Config

Targets

Target: 7d64c0f845c06eaa305582902806bcdda2a63370ec425128dc85469b2c388b6d
Size: 2.4MB
MD5: 143e1132bbb49d0de9d15e9d66cd210f
SHA1: 3b207925ed1abffba67c4d2fb676a086d998ab8c
SHA256: 7d64c0f845c06eaa305582902806bcdda2a63370ec425128dc85469b2c388b6d
SHA512: 5edc103dc1fc7969a4789832059e4917a891c3a31825f65a2bbe6299d63a1757acb7dc18f0c91a31fd125a718edaa1ec8e3361ca5de9be05aad64a9932de1448
SSDEEP: 49152:ExumC8c+cbucGjh2J6ttnNrMPL0cFOjG:
Score: 10/10

Signatures

- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext