General
Target: 0024f2af21d239ce45c14ce295b28ac2.exe
Size: 11.1MB
Sample: 240829-glbe2sydpk
MD5: 0024f2af21d239ce45c14ce295b28ac2
SHA1: 51c27e4c16ef9b68874ced062d29e357a380d25b
SHA256: eabcd20c183903046a1d28b72a6178da24879d8057594334ce300bc969c7e23d
SHA512: 741edd582ce34c352c6965cc4487408b18e63e2fb0bb5ae8c103de5c02e56cb22fa80c83d3b69b03b6e315fd7694ffa22d948adbe2f3eb38f5eb5ed4c1fad545
SSDEEP: 196608:MOJ9gF/d8f23gg1tvLpPEBKqY1iyvB6nBtPISH95B08fVBTyRKfqrUM+kLsOiLlU:MOJ9gF/d8f23gg1ZLpPEBKqY1iyvB6n6
Behavioral task: behavioral1
Sample: 0024f2af21d239ce45c14ce295b28ac2.exe
Resource: win7-20240705-en

Behavioral task: behavioral2
Sample: 0024f2af21d239ce45c14ce295b28ac2.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
rhadamanthys
https://5.42.99.131:443/e0bd9c1f4515facb49/m58gpf5u.6eabm
Targets
Score: 10/10
- Detects HijackLoader (aka IDAT Loader)
- Hijackloader family
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Rhadamanthys family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Deletes itself
- Suspicious use of SetThreadContext