General

Target: solaris.exe
Size: 2.4MB
Sample: 240212-ywtstabd9y
MD5: ff652d08cf029b5c2ad320ecfd0bab76
SHA1: 2c445cd6682cb2a3138fcf54433b61d31671547c
SHA256: 0e31baeb3b4d0108735c3d0ad0cf1c7a0f7f1c40e8b36fd003312e60d4fc116f
SHA512: 5bd29a3779669c2a55795d900180909d8cb0260e03d51eb98edf673ffdedc886fa79363b7c09b4979e1e8b11d0f51c2d7b141849c8e67f8f7099caae21db084d
SSDEEP: 49152:nLRyUcCmKGyogT/ssZ5H2fUmVPMcR+WNGTDz:nLRxcCjsmPZluj+6Gvz
Static task: static1
Behavioral task: behavioral1
Sample: solaris.exe
Resource: win10v2004-20231215-en
Malware Config

Targets

Target: solaris.exe
Size: 2.4MB
Score: 10/10

Rhadamanthys
Rhadamanthys is an information stealer written in C++, first seen in August 2022.

- Suspicious use of NtCreateUserProcessOtherParentProcess (a process created under a parent other than the calling process, i.e. parent PID spoofing)
- Drops startup file
- Executes dropped EXE
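To confirm that a locally held file is the same sample this report describes, the following Python check is added here (it is not part of the report and not a sandbox feature): it streams the file through every cryptographic digest listed above and reports which ones disagree, and it accepts the rounded "2.4MB" size whether the report meant decimal or binary megabytes (that tolerance is an assumption, since the page does not say how it rounds). The SSDEEP value is left out because computing it needs the third-party ssdeep package; the standard library covers the rest.

```python
import hashlib
import sys
from pathlib import Path

# Digests copied from the report above for solaris.exe.
REPORT_IOCS = {
    "md5": "ff652d08cf029b5c2ad320ecfd0bab76",
    "sha1": "2c445cd6682cb2a3138fcf54433b61d31671547c",
    "sha256": "0e31baeb3b4d0108735c3d0ad0cf1c7a0f7f1c40e8b36fd003312e60d4fc116f",
    "sha512": (
        "5bd29a3779669c2a55795d900180909d8cb0260e03d51eb98edf673ffdedc886"
        "fa79363b7c09b4979e1e8b11d0f51c2d7b141849c8e67f8f7099caae21db084d"
    ),
}
REPORT_SIZE_MB = 2.4  # the report shows one decimal, so the check below is approximate


def _new_hashers() -> dict:
    """One hashlib object per digest named in the report, so the data is read once."""
    return {name: hashlib.new(name) for name in REPORT_IOCS}


def digest_bytes(data: bytes) -> dict:
    """Return {algorithm: hexdigest} for an in-memory blob (handy for tests and small files)."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Same as digest_bytes but streams the file in 1 MiB chunks, so large samples are not loaded whole."""
    hashers = _new_hashers()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(observed: dict, expected: dict = REPORT_IOCS) -> list:
    """Names of the digests that do not match the report; an empty list means all of them agree."""
    return [
        name
        for name, value in expected.items()
        if observed.get(name, "").lower() != value.lower()
    ]


def size_matches(size_bytes: int, report_mb: float = REPORT_SIZE_MB) -> bool:
    """Assumption: the report rounds to 0.1 MB and may use either 10^6 or 2^20 bytes per MB."""
    decimal_mb = size_bytes / 1_000_000
    binary_mb = size_bytes / (1 << 20)
    return abs(decimal_mb - report_mb) <= 0.05 or abs(binary_mb - report_mb) <= 0.05


def verify(path) -> bool:
    """True only if every listed digest matches and the size is consistent with the report."""
    p = Path(path)
    mismatches = compare(digest_file(p))
    for name in mismatches:
        print(f"{name}: MISMATCH (file does not correspond to the report)")
    if not size_matches(p.stat().st_size):
        print(f"size: {p.stat().st_size} bytes is not consistent with {REPORT_SIZE_MB}MB")
        return False
    return not mismatches


if __name__ == "__main__":
    # Usage: python verify_sample.py /path/to/candidate_file
    ok = verify(sys.argv[1])
    print("MATCH: file is the sample from this report" if ok else "NO MATCH")
    sys.exit(0 if ok else 1)
```

A full match on all four digests is conclusive; a single mismatch is enough to say the file is not this sample, which is the usual situation when a repackaged or re-stamped variant turns up with the same filename.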