General
Target: 0fdfe42750d9a51d9f3007ae5153fac6.bin
Size: 1.1MB
Sample: 230329-bcyw4afh2t
MD5: 249a1adf05bf4f7b80d6e11f10b7b81c
SHA1: 2950151dc5111c8e9b92a3d9a426ead3a3f79a60
SHA256: 55e4b74bb2ef7d292e3af953f7c0fc8865f4cca73c11d2ee84e7f66b44ab8216
SHA512: 63b883fed851a18be84a2fc48fd48f7bbe54f0c04d7d57f566af3e3c363090da9ff59538efb91b9c9812f314a5f124897087c240421e62c15db626646b30b82e
SSDEEP: 24576:txGTDhGJxHlEjVZDfEEnLPABq6po+sWuhpV2IsFBHitW/:txcFGJxFEjfEEnLAfj3Ovc1mW/
Static task: static1
Behavioral task: behavioral1
  Sample: b80c6077ed4c9814a995b866297e0e522c9d23917370767ff05e951ca9412e93.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: b80c6077ed4c9814a995b866297e0e522c9d23917370767ff05e951ca9412e93.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted
vidar
3.1
ba1fc89d9f7df84dadf34886aabb246c
https://t.me/owned001
http://65.109.236.2:80
https://t.me/tabootalks
https://steamcommunity.com/profiles/76561199472266392
http://135.181.26.183:80
profile_id_v2: ba1fc89d9f7df84dadf34886aabb246c
user_agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 OPR/91.0.4516.79
Targets
Target: b80c6077ed4c9814a995b866297e0e522c9d23917370767ff05e951ca9412e93.exe
Size: 1.6MB
MD5: 0fdfe42750d9a51d9f3007ae5153fac6
SHA1: 74ecf809721f871ec47187716a55101ca2c7e51a
SHA256: b80c6077ed4c9814a995b866297e0e522c9d23917370767ff05e951ca9412e93
SHA512: fe24ea45c03c97752930d8892fc1f83e197b6d5fc1026b717220cf4fd088b69a5079d1e2d3780d8c6691e251cb097675f9554e548fc4c0fd8ed8bf8c9ca32689
SSDEEP: 49152:KksJ9boYkPQjKjfJQlunr1aJim51hdEDer/W9eBgA:k98AKbfr1aJP1EarxBg
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext