General
- Target: handala.exe
- Size: 1.4MB
- Sample: 240418-sy9n6agh58
- MD5: a8e9b718a677a5ed99e839190eff02bf
- SHA1: 2d2fbd10629e44ca36397c160ba2a5b05bb49289
- SHA256: aae017e7a36e016655c91bd01b4f3c46309bbe540733f82cce29392e72e9bd1f
- SHA512: f4414ee9614f14ab4048b4aaaed15c0c877f7524ea011d062733e308c64ac41e2be8453ea90c6de031026c34c4de2f30fd42fb2d27480022927e4fe7727765df
- SSDEEP: 24576:4b/pDYLjWqXDHdgTAb2sF+rwLFMp17kyByOa/8PhUWfo4ui0/7ARNpgYnmffqRk4:y/pgjrQck8FoJkyAaPh/A4uicERMogfc
Static task
- static1
Behavioral task
- behavioral1
  - Sample: handala.exe
  - Resource: win11-20240412-en
Behavioral task
- behavioral2
  - Sample: $INTERNET_CACHE/Eligibility.ps1
  - Resource: win11-20240412-en
Malware Config
Targets
- Target: handala.exe
- Size: 1.4MB
- Score: 10/10
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Target: $INTERNET_CACHE/Eligibility
- Size: 257KB
- MD5: 6b36bf21f99b77035256ee91c85c872c
- SHA1: f6c5da5338f85077a70307ba7a6a5cac2386d47d
- SHA256: fd8c0224fbe76dff9166409da8e6839f750a863aebc8e1ff92413edc20d014e1
- SHA512: 43784293bd0cbc85ac4440e60853b518af83f6a370c1a142732be63d2df11eb45ede249386487bc2a88ff96f3279e3885efcaea31c4c1dc8e6e0acbd5a4d4a40
- SSDEEP: 6144:NdeA1F1F14XCbvNvVv8/judq2aQt8CbqG7g2j:NuL/SddaHsx7dj
- Score: 1/10