Resubmissions

12-08-2024 13:45

240812-q2s5gatdll 10

12-08-2024 13:42

240812-qzqxbsxfph 3

General

  • Target: FirefoxData.7z
  • Size: 944KB
  • Sample: 240812-q2s5gatdll
  • MD5: 195bc61de58bfb5cbd1b0784df29c23d
  • SHA1: 1ac31ee9ffafcc8e5f62cac6f0462f2637dbf1c1
  • SHA256: 6df25ecde5a1bb916916fbecc018fec4555316530ae9e6d21394c51642fe87f8
  • SHA512: ca7895f7f886b0a01448048af674903eb15e9d34a60556f5173b90f9855155b55188b666d54060c24c682509e781cda62ca5b69ce3746f22ddffda103e13bada
  • SSDEEP: 24576:oGWMy/NM2ml1KFpDaPyqidJdNlD78cbhM+Tv/8T:Lyl1mla5aw/rlD73bhMK/o

Malware Config

Targets

    • Target: FirefoxData.dll
    • Size: 892.3MB
    • MD5: df0323692da9ee346abc5b0058e33131
    • SHA1: f9cfb5752493c79d93aff8736dc29e4f7e437d19
    • SHA256: 135f10abd48878e545df9f2e481ac1cf09f01e27086083b0a2820c3668103379
    • SHA512: 3b00ed05f62ed811616ee239ebaa22c401a12ed20686337f03b08d5e8d957a4cba7c3366595b80edbd8c6d298137546a9f77001efccc6c8c7b47a1ca20364c2d
    • SSDEEP: 49152:Tmp1wTHyQhBCMsvEqDZLOkALP7fivHBbsF:T21wTHF5svPDkkk2H

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • System Binary Proxy Execution: Verclsid

      Adversaries may abuse Verclsid to proxy execution of malicious code.

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks