General
Target: sample
Size: 18KB
Sample: 240418-wcetfabg9x
MD5: 04ae4356f5a97d84c603cd91a711837c
SHA1: 68609391fd55cbfe68fe64eb7a242841b060e3fd
SHA256: 4cfd9978e2751b8efa5fa3abfa669b1af74e721c8199c2c5681d945f9efc29af
SHA512: d0ec5bbe2a07fab3a1f128121e9a398edcdd0898017ee4eb5e51bc4b811f49bf206b5f68ad5ded90d73c2a0509457a7dad5bfb27899dd734498529ce2d8de30c
SSDEEP: 192:Hl9WSskCBuYbqxPqxKBzNBuBUt0Wjw+QQLDEpR/dZ:TWvRYaxK5HMEL8T
Static task: static1
Behavioral task: behavioral1 (Sample: sample; Resource: win10v2004-20240412-en)
Behavioral task: behavioral2 (Sample: sample; Resource: win11-20240412-en)
Malware Config
Extracted: stealc
http://193.163.7.88
url_path: /a69d09b357e06b52.php
Targets
Score: 10/10
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- .NET Reactor protector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext