General
Target: 6ad4c22533cf835aaafd24303e155aa431d3aa38c1746dc8fccf2924e0be4b63
Size: 665KB
Sample: 230323-l6k77seh69
MD5: 514f53dc14b8ea04dca91445ab18803c
SHA1: 533091f1ce214bd16cc0334f7c4ab091c7417d8d
SHA256: 6ad4c22533cf835aaafd24303e155aa431d3aa38c1746dc8fccf2924e0be4b63
SHA512: ba4f1c35fe055aefafe650782d16deba9a2cd383ca47ab255ec561efc938a542bd52f40dbda26f12534b5b4388c5a80708a68b87d43c40c99aa105498e449cd7
SSDEEP: 12288:FEMabC8uxlpPYZcQbLcopr+R1UhLmmK5hCBhVzwUfNO1OpX36jM:6M+PklOZVbLc2rW+LIETzwJG36A
Static task: static1
Behavioral task: behavioral1
Sample: 6ad4c22533cf835aaafd24303e155aa431d3aa38c1746dc8fccf2924e0be4b63.exe
Resource: win10v2004-20230221-en
Malware Config
Targets
Score: 10/10
- Detect rhadamanthys stealer shellcode
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- ModiLoader Second Stage
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext