General

Target: file
Size: 312KB
Sample: 240613-w9dyeaxgjg
MD5: 062033d29b2360355a50a03e588e350b
SHA1: 0db5ea48582d67a6efca5d78edafab8bc655a778
SHA256: 7dea4330525071e258fa1ec05d1aa44abdc046a9d7cbc7aab5cb6a10ebaf00dd
SHA512: 4c15de043d288da5175be1d65eecdb97c68ff9f05a37c2a243520c0db5a3f3fabce56a1decec793b52dd36f0a9f812b988895039e810a9c269fdb4a4b67b6448
SSDEEP: 3072:BiugAkHnjPIQ6KSEX/fHoPaW+LN7DxRLlzglKvVsuk:1gAkHnjPIQBSEnIPCN7jBvVsuk

Static task: static1

Behavioral task: behavioral1
Sample: file.html
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: file.html
Resource: win10v2004-20240611-en

Malware Config

Targets
Target: file, 312KB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General above)
Score: 10/10

Signatures:
- Detect rhadamanthys stealer shellcode
- Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Checks system information in the registry: System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
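The VirtualBox, VMware Tools and BIOS signatures above all describe the same technique: the sample opens registry keys that only exist inside a guest, or reads BIOS description strings and looks for a hypervisor vendor name. The following is an added example (not code from the report, the sandbox, or the sample) that models those checks so an analyst can test whether a sandbox image would trip them before detonating a sample there. The report does not say which keys this sample reads; the key paths and value names below are assumed from well-known VirtualBox and VMware guest artifacts, and the three registry snapshots are constructed, not captured from the run above. On a live Windows host the same paths would be read with `winreg.OpenKey`/`winreg.QueryValueEx`; here the snapshot is a plain dict so the logic runs offline.

```python
import re

# Registry keys whose mere existence identifies a guest. Assumed well-known
# artifacts; the report does not state which of these the sample actually opens.
VM_ARTIFACT_KEYS = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": "virtualbox_acpi",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__": "virtualbox_acpi",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__": "virtualbox_acpi",
    r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions": "virtualbox_guest_additions",
    r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools": "vmware_tools",
}

# BIOS / system description values whose string data is scanned for vendor names.
BIOS_VALUES = [
    (r"HKLM\HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    (r"HKLM\HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),
    (r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"),
    (r"HKLM\HARDWARE\DESCRIPTION\System\BIOS", "SystemProductName"),
]
VENDOR_PATTERN = re.compile(r"vbox|virtualbox|vmware|qemu|bochs|virtual", re.IGNORECASE)


def evaluate_anti_vm(snapshot):
    """Return the sorted list of anti-VM checks that would fire on `snapshot`.

    `snapshot` maps a key path to a dict of value name -> data, where data is a
    str or, for REG_MULTI_SZ values, a list of str. A key missing from the dict
    is what a failed RegOpenKeyEx (ERROR_FILE_NOT_FOUND) looks like to malware.
    """
    fired = set()
    for key, label in VM_ARTIFACT_KEYS.items():
        if key in snapshot:
            fired.add(label)
    for key, value_name in BIOS_VALUES:
        data = snapshot.get(key, {}).get(value_name)
        if data is None:
            continue
        text = " ".join(data) if isinstance(data, (list, tuple)) else str(data)
        if VENDOR_PATTERN.search(text):
            fired.add("bios_vendor_string")
    return sorted(fired)


def looks_like_vm(snapshot):
    """True if any of the modelled checks would flag the host as a guest."""
    return bool(evaluate_anti_vm(snapshot))


# Constructed snapshots for illustration; none were captured from the sample's run.
VBOX_GUEST = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": {},
    r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions": {"Version": "7.0.14"},
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": ["VBOX   - 1"],
        "VideoBiosVersion": ["Oracle VM VirtualBox Version 7.0.14 VBE Adapter"],
    },
}

VMWARE_GUEST = {
    r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools": {
        "InstallPath": "C:\\Program Files\\VMware\\VMware Tools",
    },
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {
        "SystemManufacturer": "VMware, Inc.",
        "SystemProductName": "VMware Virtual Platform",
    },
}

# A hardened sandbox guest: vendor keys removed and BIOS strings rewritten to
# look like commodity hardware, so none of the modelled checks fire.
HARDENED_GUEST = {
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": ["DELL   - 1072009", "Default System BIOS"],
        "VideoBiosVersion": ["Intel Video BIOS"],
    },
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {
        "SystemManufacturer": "Dell Inc.",
        "SystemProductName": "OptiPlex 7010",
    },
}

if __name__ == "__main__":
    for name, snap in [("VirtualBox", VBOX_GUEST), ("VMware", VMWARE_GUEST), ("hardened", HARDENED_GUEST)]:
        print(f"{name:10s} fired={evaluate_anti_vm(snap)} vm={looks_like_vm(snap)}")
```

The same key and value list doubles as a watchlist for registry telemetry: reads of these paths by a freshly dropped executable (compare the "Executes dropped EXE" signature) are a useful detection pivot, since ordinary software rarely has a reason to open the `ACPI\*\VBOX__` keys.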