General
-
Target
g753nr4GI9.exe
-
Size
4.4MB
-
Sample
241005-redxpsyhpa
-
MD5
2131426d8a3c01e0073772820265b4bd
-
SHA1
bac33ac453609577cccd2c6b1fb4981ff634e795
-
SHA256
1f53511b847a01a45e3d5d48f40dce79500175275dcf9606da1ee4864099ad8a
-
SHA512
9a24b0a26fed3730d301a4c56412f2df7a7505184ba848b9a38f21af48fd82ed549b6d56383bf119c712b663900a006e2016e04e958e40c5f529a22fb7bfb22b
-
SSDEEP
98304:dAZV7FbE2iG0gOuw1AJRoFwL0BOS+HuNY:d6VtDvGjUS+HwY
Behavioral task
behavioral1
Sample
g753nr4GI9.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
g753nr4GI9.exe
-
Size
4.4MB
-
MD5
2131426d8a3c01e0073772820265b4bd
-
SHA1
bac33ac453609577cccd2c6b1fb4981ff634e795
-
SHA256
1f53511b847a01a45e3d5d48f40dce79500175275dcf9606da1ee4864099ad8a
-
SHA512
9a24b0a26fed3730d301a4c56412f2df7a7505184ba848b9a38f21af48fd82ed549b6d56383bf119c712b663900a006e2016e04e958e40c5f529a22fb7bfb22b
-
SSDEEP
98304:dAZV7FbE2iG0gOuw1AJRoFwL0BOS+HuNY:d6VtDvGjUS+HwY
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-