General
Target: d69f743c79a61ae7d7ed62f6690992c3
Size: 408KB
Sample: 240319-vahlwahe5z
MD5: d69f743c79a61ae7d7ed62f6690992c3
SHA1: b758aa7172f95a3cfc7a5fb5e5974b0eb4edca03
SHA256: 565bc21d2357c70baa32f95c4b954b7296292dd185ef9fc3da50c6a08e2efa33
SHA512: 2188808ae41d3b3cc4323fec3e01f94e03cc575b49ec85d6a3f4c6cd0e567749c3eedcedf71b2d61fde82289669f319d55ed8b38cddc2502d06f3cf888f5b7f0
SSDEEP: 6144:7+hFGk0sdrH5wjzxKvTkePF6Q6Axdikp4RfMqpl3Xz2UUFBdQg:72z0sFZozxKvoiFjbrp4bplXz2UU9
Static task: static1
Behavioral task: behavioral1
  Sample: d69f743c79a61ae7d7ed62f6690992c3.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: d69f743c79a61ae7d7ed62f6690992c3.exe
  Resource: win10v2004-20240226-en
Malware Config
Targets
Score: 10/10
- Detect ZGRat V1
- PureLog Stealer payload
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext