General
-
Target
c97aa2240452b4c1db4ccfbfc783c95d6b47309d5bd389675864d0fc3541b93a.exe
-
Size
2.3MB
-
Sample
240207-1gdt6aba67
-
MD5
ffd6c86af20c38cccffcd9b0e15ece4c
-
SHA1
6f7e99a0d8fff2b7191468dfac2c51c2fba5cd52
-
SHA256
c97aa2240452b4c1db4ccfbfc783c95d6b47309d5bd389675864d0fc3541b93a
-
SHA512
eae55c69e951a9cd4a4f2dabf6aba2e0a61a9251733156bbb25bc2b47fcea27e9d7ea92c349345b2ab06407cd64dd828d147fd06bdd053bd5938cf85120f7bb4
-
SSDEEP
24576:usP9hehe+N0gOaDSKvzL3+gTFDrZ7FB1gGU47aU7hR9g4Fw1aAanY9517v7Wy4dv:14hGKfp9gWJR3cP517zWn6n3B9jYxLrp
Static task
static1
Behavioral task
behavioral1
Sample
c97aa2240452b4c1db4ccfbfc783c95d6b47309d5bd389675864d0fc3541b93a.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
c97aa2240452b4c1db4ccfbfc783c95d6b47309d5bd389675864d0fc3541b93a.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
c97aa2240452b4c1db4ccfbfc783c95d6b47309d5bd389675864d0fc3541b93a.exe
-
Score
10/10
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Deletes itself
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-