General
Target: file
Size: 2.7MB
Sample: 240401-ym79vadh2v
MD5: bcc93e415a05ea5bb4ac3985fe389866
SHA1: 54afd186ad33eea4266fdcae4229e8fe48e4e8eb
SHA256: 6ce6fd56b675cb8ffc6e5ecb11bb80640e24e58a09985f8a4f635ee9c3c2bf97
SHA512: a5ec0307abaab0f9a5a5c28cb1bcae8847dd21b91c9f8a84e0e0294b2b039a5d68c22cb8a4f56f5bb6e344e26df5ab1416612c8c3cb1c7f8980ae137dda49016
SSDEEP: 49152:wrtSAbjawsGcz8QfpyvcRjBZPohnKZV7+P:bOaw1uF4

Static task: static1

Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: file.exe
Resource: win10v2004-20240226-en
Malware Config

Targets
Target: file
- Detect ZGRat V1
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Async RAT payload
- Blocklisted process makes network request
- Creates new service(s)
- Downloads MZ/PE file
- Drops file in Drivers directory
- Stops running service(s)
- .NET Reactor protector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext