General
Target: CelestialCodes.exe
Size: 10.0MB
Sample: 240325-vyp1vsgg81
MD5: 507048fc3e8bf91b8ea467045bc2964b
SHA1: e790cdea39a0f8c0644425e762488f9fbdea66ee
SHA256: bea1d58d168b267c27b1028b47bd6ad19e249630abb7c03cfffede8568749203
SHA512: 50a8a1a574b815b8899e09f4e83f526d2bda50f122e71afc246e2877b004aa488991c7c6a975edfc42e5ac22c2aba6c7c3b63556680fc73216f9da20bcb72f9b
SSDEEP: 49152:ooUwF2D7Ah9uRoSouISQFcd2fRMEhax30H5YeFQZc3jg7RaOa1mRI0oet8HOgrbF:ohshoqSPBk2ba14oodw5f9UEHz5QMjOy
Static task: static1
Behavioral task: behavioral1
Sample: CelestialCodes.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: CelestialCodes.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: CelestialCodes.exe
Score: 10/10
Rhadamanthys
Rhadamanthys is an info stealer written in C++, first seen in August 2022.
Suspicious use of NtCreateUserProcessOtherParentProcess
Suspicious use of SetThreadContext