General
Target: 04885099.bin
Size: 354KB
Sample: 230618-m5gdaseh32
MD5: e897496f8d9c5029457964e78bb8141b
SHA1: f774249f0fe0016cc400455ebe869ce693a805ed
SHA256: b90c51ddd52842e6062f1ec389ac8b36f26d2f149134decee452690bef7adf4b
SHA512: 0be81e6de6b9fd04afd10b78f8a2d1b1dca6b8202cd82506f2b01ef3a82b0bc68a84b721a34a838ba1cbc7be726de2a81eb6d65b6bdcc1122e2fd61e67a46d78
SSDEEP: 6144:tMI0xRDxZJXYixvTWIfOcY6HH9P5PTlU5IoF5zXIgV468Kjz8eIYhnaFqjvMI:tADZukLZjY6d5PxUxzzjV468Kz8eIYmy
Static task: static1
Behavioral task: behavioral1
Sample: b5645b317166b0b99f915bd7d5a0de8758c6193c6b6324d4821da47791994595.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: b5645b317166b0b99f915bd7d5a0de8758c6193c6b6324d4821da47791994595.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: b5645b317166b0b99f915bd7d5a0de8758c6193c6b6324d4821da47791994595.exe
Size: 446KB
MD5: 82753bed041d05b32e560a5f6e96e560
SHA1: 66f82f505e50c9a63328bab4dfb2aaa6fe5dc1e8
SHA256: b5645b317166b0b99f915bd7d5a0de8758c6193c6b6324d4821da47791994595
SHA512: dbea9ce63a9e3186f92074db7b4e6a855f1b2673e1e4e1efbe0f72a88414234633ab4f7903c1ce25e266130dfa28c34701f6d8407909e50dbb1c8c41b2ff89a9
SSDEEP: 12288:XXNYUuRiQi9eh4q/T4Yu9aXvWmMQszY+/CJW:XdUVi9ER/3Xvtnscpk
Score: 10/10
- Detect rhadamanthys stealer shellcode
- Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Deletes itself
- Accesses Microsoft Outlook profiles