General
- Target: 74a434ab27dee2234cc149fa8d34c6d5af5beaa0060ffad7523fde8ec923f983exeexe_JC.exe
- Size: 495KB
- Sample: 230813-lyarhacf81
- MD5: 4c224ad23e402d58bbd23023bf883dc0
- SHA1: 67cbaf4b24ccf90ca845626d1ed97831ef0dd55b
- SHA256: 74a434ab27dee2234cc149fa8d34c6d5af5beaa0060ffad7523fde8ec923f983
- SHA512: 5aad2b848d6098c8cdbf58ce115ac832826e82f803aaaca5625197c445d3849f6cb256aaeeebed4bd3a5b0db92f0f957ee5de79312f4fc4b9769f8deae0b5766
- SSDEEP: 12288:hwp22VqKfpoJfgq+mugd256TJzxpQodc5X:hwp26PfOJfgbmBT5c5
Static task: static1
Behavioral task: behavioral1
- Sample: 74a434ab27dee2234cc149fa8d34c6d5af5beaa0060ffad7523fde8ec923f983exeexe_JC.exe
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: 74a434ab27dee2234cc149fa8d34c6d5af5beaa0060ffad7523fde8ec923f983exeexe_JC.exe
- Resource: win10v2004-20230703-en
Malware Config
Extracted: systembc
- discordcdn8839248.com:4327
- chinabar821994.com:4327
Targets
- Target: 74a434ab27dee2234cc149fa8d34c6d5af5beaa0060ffad7523fde8ec923f983exeexe_JC.exe
- Size: 495KB
- Score: 10/10
- Detect rhadamanthys stealer shellcode
- Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext