General

  • Target

    c8a5eefe493b6e3a232acb40147d35ff468e28f65b3392e691efea30dcbf64c3

  • Size

    3.6MB

  • Sample

    240325-fpfcqsgg66

  • MD5

    469ff745c8275ceca411beca409c81fb

  • SHA1

    55d6ccdf12e5645bd35b8c1f596e78abfcaaf311

  • SHA256

    c8a5eefe493b6e3a232acb40147d35ff468e28f65b3392e691efea30dcbf64c3

  • SHA512

    6658e510b03efdad65e329d7ed521df7a60fc63760cff6b9b855541bbe4f4f712f6c56ce816f9cbb4103fe1c37d92b154d5f3bc269ada05d3930dc3f66b8ad7c

  • SSDEEP

    49152:cfU4Uj059yaxNDrELFAud9tsPz1tKJw60mH+jqBCodWe4AWaGMo7JKfuKVV:cfUbU9yaNDr4FAueJsu4+jqV+AcXJKfh

Score
10/10

Malware Config

Targets

    • Detects DLL dropped by Raspberry Robin.

      Raspberry Robin.

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks