General
Target: Authenticator_release_x86_64_2.exe
Size: 17.2MB
Sample: 240424-z3ccsahg82
MD5: 26674a4865f364f2e3b7155da5fb4817
SHA1: 2a9e1278e560dea0ac691c59b1ca90f29bf4d519
SHA256: baf55c8fc4986b0cd6c270b6c5b7851dbc583b216de752d3cc9d9725c36006e0
SHA512: 083ad97e0b9964d26b2c3bbfbb08c2cf27c3b53bd93f67da4308f9921dc07ea0e208e4a194c1609ccab80d4d37444cf0490f59af10616df21c044c345449c2d3
SSDEEP: 196608:KePBccl0sKYu/PaQtsI9iL4FMIZETSkjPePdrQJM93BMJg6x9iGvPoMut/X6e0yL:lBccLQtsTQETSkvJQCJGG4MUXx8AKOR/
Behavioral task: behavioral1
Sample: Authenticator_release_x86_64_2.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: Authenticator_release_x86_64_2.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: Authenticator_release_x86_64_2.exe
Score: 10/10
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Loads dropped DLL
Suspicious use of NtSetInformationThreadHideFromDebugger