General
-
Target
ff7284f443ac1839a20dff816f93f2f7e09a3c3e50cf9b8d479c620fc282ddcc
-
Size
1.7MB
-
Sample
240614-ahpd6sxbnd
-
MD5
4363d52fe7027df2212ad2b3333ebaf9
-
SHA1
beac1fc8c012a28cb9f38f6e4296278543048fcf
-
SHA256
ff7284f443ac1839a20dff816f93f2f7e09a3c3e50cf9b8d479c620fc282ddcc
-
SHA512
bb5bcb9f7b42d370b86ad7d4c16605d9bf755fd2291a70716facc2aa62baf45aabf068882c413334332af5819a97c9c4d7703edb9ec84edd8e87c57bab36acee
-
SSDEEP
24576:ZMm5SH6MIl3LkGDhsmD/U0wA77v+M0yYvh3J9oeVaEJyqH2ai519He:ZMm5Lnl7kSUEXvAyUh3J9oeVaEk5rHe
Static task
static1
Behavioral task
behavioral1
Sample
ff7284f443ac1839a20dff816f93f2f7e09a3c3e50cf9b8d479c620fc282ddcc.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
ff7284f443ac1839a20dff816f93f2f7e09a3c3e50cf9b8d479c620fc282ddcc.exe
Resource
win10-20240404-en
Malware Config
Targets
-
-
Target
ff7284f443ac1839a20dff816f93f2f7e09a3c3e50cf9b8d479c620fc282ddcc
-
Size
1.7MB
-
MD5
4363d52fe7027df2212ad2b3333ebaf9
-
SHA1
beac1fc8c012a28cb9f38f6e4296278543048fcf
-
SHA256
ff7284f443ac1839a20dff816f93f2f7e09a3c3e50cf9b8d479c620fc282ddcc
-
SHA512
bb5bcb9f7b42d370b86ad7d4c16605d9bf755fd2291a70716facc2aa62baf45aabf068882c413334332af5819a97c9c4d7703edb9ec84edd8e87c57bab36acee
-
SSDEEP
24576:ZMm5SH6MIl3LkGDhsmD/U0wA77v+M0yYvh3J9oeVaEJyqH2ai519He:ZMm5Lnl7kSUEXvAyUh3J9oeVaEk5rHe
Score10/10-
Detects DLL dropped by Raspberry Robin.
Raspberry Robin.
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-