General
-
Target
file.exe
-
Size
358KB
-
Sample
230317-q2ft5sad9y
-
MD5
d1f8e6ec0e0a31e2e8cdbb836d1dc5ff
-
SHA1
2876f0a9e0b7fdec1a711a41f37244d2ddf208f6
-
SHA256
7e4dac07d2696331da92d33b3b8d888dbd60272845ebc7889ace9709d6cda45a
-
SHA512
aa39ff96daeee59002e464b6b2be1e35cba62c55f47e5416c25257fa8d6f2273469a2d8868453034abe359ef9d3ed5a04b8bf5adeead46437daab55d6aac2d1c
-
SSDEEP
6144:fJcLT8i79LouEtgChMxOLN6d3SWC6CKWxD0d8o:fJccip0udCYaMCMWxD
Malware Config
Targets
-
-
Target
file.exe
-
Size
358KB
-
MD5
d1f8e6ec0e0a31e2e8cdbb836d1dc5ff
-
SHA1
2876f0a9e0b7fdec1a711a41f37244d2ddf208f6
-
SHA256
7e4dac07d2696331da92d33b3b8d888dbd60272845ebc7889ace9709d6cda45a
-
SHA512
aa39ff96daeee59002e464b6b2be1e35cba62c55f47e5416c25257fa8d6f2273469a2d8868453034abe359ef9d3ed5a04b8bf5adeead46437daab55d6aac2d1c
-
SSDEEP
6144:fJcLT8i79LouEtgChMxOLN6d3SWC6CKWxD0d8o:fJccip0udCYaMCMWxD
Score10/10-
Detect rhadamanthys stealer shellcode
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Enumerates VirtualBox registry keys
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-