General
Target: NcCrack-Loader.zip
Size: 12.8MB
Sample: 240622-vgsenazcmn
MD5: 18e398f15f5f2adbc5c0d8481f8a5100
SHA1: 8f092c32b221ff1256e079cbc5ff606cffc0ff09
SHA256: 380e7634606079bda646b9254ee41e4382b66d893023edbfa95d00f0dd8fb8a1
SHA512: c1825c7de4cba4e01a0d5d7a1c9b851f3d5467dc90623d26f9287467327c15959158ffb3ab776a4c24a5084b4b25e509978e2d88e9b1b7499fb25d8580fd0058
SSDEEP: 393216:PQdfQ2QnNgnxIvrbNOGcPHaNH1C7z7mI26Bkjf+OugZFdw4V16gvp:POfQ/Ngx6oGt1C7fw6BPg5T1FR
Static task: static1
Behavioral task: behavioral1
Sample: NcCrack-Loader.zip
Resource: win10v2004-20240611-en
Malware Config
Targets
Target: NcCrack-Loader.zip
Score: 10/10
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext