General
Target: @Base_1DS1.exe
Size: 1.7MB
Sample: 240214-pw9plabf94
MD5: 59502d555c1b2e38b3f99a80528993c0
SHA1: 156d99645955a3f043c5451c6b24c3fea29f50fa
SHA256: bf267c00c95c56860c6ebf052f927d0237be3b4499ad58d2a71449ff06a9ce5f
SHA512: b31afefa0506483dec837cbfc0edfcfec52be9578d9e7d884877ece26a3bd6612e7e658467b3a93ab84bd4d710c9fd3ee7afbb66e7b63c3ab080cc8137ebfc61
SSDEEP: 768:RQocZtO77mXVX8tLfcFY9Wshk458P/qqhdaahRLSqh3jHj8Yi6+PxWEKmwgDU9zw:G1n3FCjk4c87FPx97YzvY
Static task: static1
Behavioral task: behavioral1
  Sample: @Base_1DS1.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: @Base_1DS1.exe
  Resource: win10v2004-20231222-en
Malware Config
Targets
Score: 10/10
Rhadamanthys
Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext