General
-
Target
a.exe
-
Size
979KB
-
Sample
230510-3dtsbace5w
-
MD5
20f70cdf44bd28fc1b1f1dd69c99f22e
-
SHA1
e19928d2871098c4488cf71d54a860a1f6d78a36
-
SHA256
d02711122b130cd44c721437f4f2767b9c61b832fe6e3d35536f745d131d16ff
-
SHA512
858b6acaf44cedf4f1d8660c86a70bf96779658a27ba02aa298faca3ca48063725cb50cc8168180195ff8ac3258e28a2ee9b064352c2b2a55bbeeec1c33cef84
-
SSDEEP
24576:CeGVZ9/e0wilWWC7rD/QTYrpGzaVWWeiZfsPHY:4320uWt4pGmVzZAY
Static task
static1
Behavioral task
behavioral1
Sample
a.exe
Resource
win10-20230220-en
Behavioral task
behavioral2
Sample
a.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
rhadamanthys
http://8002.motorline.pw/api/9wcnem.x0vs
Targets
-
-
Target
a.exe
-
Size
979KB
-
MD5
20f70cdf44bd28fc1b1f1dd69c99f22e
-
SHA1
e19928d2871098c4488cf71d54a860a1f6d78a36
-
SHA256
d02711122b130cd44c721437f4f2767b9c61b832fe6e3d35536f745d131d16ff
-
SHA512
858b6acaf44cedf4f1d8660c86a70bf96779658a27ba02aa298faca3ca48063725cb50cc8168180195ff8ac3258e28a2ee9b064352c2b2a55bbeeec1c33cef84
-
SSDEEP
24576:CeGVZ9/e0wilWWC7rD/QTYrpGzaVWWeiZfsPHY:4320uWt4pGmVzZAY
Score10/10-
Detect rhadamanthys stealer shellcode
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of SetThreadContext
-