General
- Target: 9dc7f9393f54a7bf933471b7ab6112bc.bin
- Size: 1.2MB
- Sample: 230420-b3t1tsgg3x
- MD5: ddb4d3fdb6be4caddf6984f58577bfd8
- SHA1: 278cda44bb103f72a3651d641f6bde381749f11c
- SHA256: a42665d5c059292f531f025fe191f58a017baef95c4b56b05c0423d18dd75d61
- SHA512: 61923aec6fc09b8d70fda249e024923c272227450a0faea46e52acbcfbbe7bcdc6605fd6c9ccbd010a10c4783f2e615ece588db8a6b7fdf001a7fd24c4c64916
- SSDEEP: 24576:zUn1o++S8BReiRlAbQRKWcYXhdR4PuJ2dKQ70bqHlj7RjhBtTA:E1o+RewiRQgcSh4g2HhtXFA
Static task
- static1

Behavioral task
- behavioral1
- Sample: fb6ce24e85b41bb956eb4de5e5da0139c7fde30c9d535ab4e2d4fb710bf3650c.exe
- Resource: win7-20230220-en

Behavioral task
- behavioral2
- Sample: fb6ce24e85b41bb956eb4de5e5da0139c7fde30c9d535ab4e2d4fb710bf3650c.exe
- Resource: win10v2004-20230220-en

Malware Config
Extracted
- Family: amadey
- Version: 3.70
- C2: 212.113.119.255/joomla/index.php
Targets
- Target: fb6ce24e85b41bb956eb4de5e5da0139c7fde30c9d535ab4e2d4fb710bf3650c.exe
- Size: 1.2MB
- MD5: 9dc7f9393f54a7bf933471b7ab6112bc
- SHA1: fb89c78489c12820ac134a72a630d26269cd9e7f
- SHA256: fb6ce24e85b41bb956eb4de5e5da0139c7fde30c9d535ab4e2d4fb710bf3650c
- SHA512: 0214f796de70ef859b8cf12b21c2761a574660fc7a5a3781f9ddf346cb18b2ba2edcd3e14984eeb24b79358ee7f0cc3d78bc72496714b8a5b76b4b6bb2f00f00
- SSDEEP: 24576:kyvWSSmy9HZ0azlkqBAfuLF8vYffHleFhzogIcg2XUp8sl/F8:zuSkHhCfua4eFhzsctTa/F
Signatures
- Detect rhadamanthys stealer shellcode
- Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.