General
Target: sample
Size: 542B
Sample: 240417-yp6h2acg36
MD5: cb2a37b81be739040d8447820b45072d
SHA1: dcc567f107eba763563e8f1a34fa1280679133aa
SHA256: 2cdf5d31558b8c3c5a1ea10cb94377269d4ea3d99bb2822728f734cebfc50dcc
SHA512: 4b182b68c946bc4b324239af7179ea3a81434d27b7aff122113763fea2afbe0a9ab5a97b11393586a909f8025f53af01de0c94000cca58364182c8f6da1c7d6c
Static task: static1
Behavioral task: behavioral1
Sample: sample.html
Resource: win10-20240404-en
Malware Config
Extracted: stealc
http://89.105.198.253
url_path: /300e6d86f44da037.php
Targets
Score: 10/10
Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
Suspicious use of NtCreateUserProcessOtherParentProcess
Downloads MZ/PE file
.NET Reactor protector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext