General

  • Target

    CelestialCodes.exe

  • Size

    10.0MB

  • Sample

    240325-vyp1vsgg81

  • MD5

    507048fc3e8bf91b8ea467045bc2964b

  • SHA1

    e790cdea39a0f8c0644425e762488f9fbdea66ee

  • SHA256

    bea1d58d168b267c27b1028b47bd6ad19e249630abb7c03cfffede8568749203

  • SHA512

    50a8a1a574b815b8899e09f4e83f526d2bda50f122e71afc246e2877b004aa488991c7c6a975edfc42e5ac22c2aba6c7c3b63556680fc73216f9da20bcb72f9b

  • SSDEEP

    49152:ooUwF2D7Ah9uRoSouISQFcd2fRMEhax30H5YeFQZc3jg7RaOa1mRI0oet8HOgrbF:ohshoqSPBk2ba14oodw5f9UEHz5QMjOy

Score
10/10
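Before acting on the hashes above, a practitioner would verify a local copy against all of them rather than only the MD5. The following is an added example (not part of the sandbox report) that streams a file through the four digest algorithms listed, compares the results to the report's values, and flags the case where only some of them agree, which points to a transcription error or a collision on a broken digest. It uses only the Python standard library; the SSDEEP fuzzy hash is left out because it needs the external ssdeep library. The sample path on the command line is a placeholder, and the byte strings in the test are constructed data, not the sample.

```python
import hashlib
from typing import Iterable

# Digests exactly as listed in the report above.
REPORT_IOCS = {
    "md5": "507048fc3e8bf91b8ea467045bc2964b",
    "sha1": "e790cdea39a0f8c0644425e762488f9fbdea66ee",
    "sha256": "bea1d58d168b267c27b1028b47bd6ad19e249630abb7c03cfffede8568749203",
    "sha512": "50a8a1a574b815b8899e09f4e83f526d2bda50f122e71afc246e2877b004aa488991c7c6a975edfc42e5ac22c2aba6c7c3b63556680fc73216f9da20bcb72f9b",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def _digest_chunks(chunks: Iterable[bytes]) -> dict:
    """Feed every chunk to all four hashers in one pass; return lowercase hex digests."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    """Digests of an in-memory buffer."""
    return _digest_chunks([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Digests of a file on disk, streamed so a large sample is never read whole."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_iocs(digests: dict, iocs: dict = REPORT_IOCS) -> list:
    """Names of the algorithms whose computed digest equals the report's value."""
    return [algo for algo, expected in iocs.items()
            if digests.get(algo, "").lower() == expected.lower()]


def classify(digests: dict, iocs: dict = REPORT_IOCS) -> str:
    """
    'confirmed': every listed digest matches, so the file is the reported sample.
    'partial'  : some match and some do not. Treat as suspicious: either an IOC was
                 copied wrongly or the file was crafted to collide on a weak digest
                 (MD5 and SHA-1 are both collision-broken), so never confirm a
                 sample on MD5 or SHA-1 alone.
    'no match' : none of the digests match.
    """
    matched = set(match_iocs(digests, iocs))
    if not matched:
        return "no match"
    if matched == set(iocs):
        return "confirmed"
    return "partial"


if __name__ == "__main__":
    # Usage: python check_sample.py /path/to/suspected/CelestialCodes.exe
    import sys
    for sample_path in sys.argv[1:]:
        digests = hash_file(sample_path)
        print(sample_path, classify(digests), match_iocs(digests))
```

A "partial" result should never be upgraded to "confirmed" by hand; recompute from a fresh copy and compare the SHA-256 and SHA-512 values, which are the only two listed that an attacker cannot practically collide.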

Targets

    • Target

      CelestialCodes.exe

    Score
    10/10
    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

      A process was created through NtCreateUserProcess with a parent other than the calling process (parent PID spoofing), which hides the true ancestry from tooling that trusts the reported parent.

    • Suspicious use of SetThreadContext

      SetThreadContext was used to redirect execution of a thread, a step characteristic of process hollowing and thread-hijacking injection.
