General
-
Target
bcbdacb.exe
-
Size
1.2MB
-
Sample
230615-n72mpagd6v
-
MD5
b99290063c63c1449c6d61c62f95528d
-
SHA1
dc80d751832030dbe05bb34e691a6237e2a224b5
-
SHA256
162833c025dda5b2154fc193bc71bc3e375794e13f6392f387839599df9d90e0
-
SHA512
4f6b717d1c18042243f7f62009e2638fa51e2a7139285a8469e3ba2458dc658ef6ccc8401b7c1ade0742c4dd6dd7ab98c487165f0142558191e9a7192c57c19c
-
SSDEEP
12288:UPqvdlwvVVmpmiUkWnbaczXSisUFhiqNnuJCbM/C3irgP92vjy9jhBvcS5K+xlBW:Uy5iV7bTEyhBVdhPTyITdOqa
Static task
static1
Behavioral task
behavioral1
Sample
bcbdacb.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
bcbdacb.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
rhadamanthys
http://31.41.244.38/blob/3msszg.qzbo
Targets
-
-
Target
bcbdacb.exe
-
Size
1.2MB
-
MD5
b99290063c63c1449c6d61c62f95528d
-
SHA1
dc80d751832030dbe05bb34e691a6237e2a224b5
-
SHA256
162833c025dda5b2154fc193bc71bc3e375794e13f6392f387839599df9d90e0
-
SHA512
4f6b717d1c18042243f7f62009e2638fa51e2a7139285a8469e3ba2458dc658ef6ccc8401b7c1ade0742c4dd6dd7ab98c487165f0142558191e9a7192c57c19c
-
SSDEEP
12288:UPqvdlwvVVmpmiUkWnbaczXSisUFhiqNnuJCbM/C3irgP92vjy9jhBvcS5K+xlBW:Uy5iV7bTEyhBVdhPTyITdOqa
Score10/10-
Detect rhadamanthys stealer shellcode
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-