General
Target: installer.zip
Size: 4.0MB
Sample: 240208-zaemfacb57
MD5: 00d72d592df823cb8083c9e190fc2cad
SHA1: 9d31c129f5269c8aa167bc6f843d294ae7bdcbe1
SHA256: 6b5bb2e211da224dad374058f89f60507e2d6d37326c66f01e2be2c9bd3331d8
SHA512: 6de34353a6015cd0ccbe3f96d2be4010ad5cd811e34af682ee97025a78f6bbce7ff52954374179e5478b22c2abad56fb6348faa2b4a9b4702d5a613874f0b30e
SSDEEP: 98304:En8fq+vnJ+K8SIPyOiLa/QZp1qaChwLJiAa5:E8fzvnEpSkQtfvLfA
Static task: static1
Behavioral task: behavioral1
  Sample: installer.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: installer.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted
http://good2-led.com/dark4.bs64
Targets
Target: installer.exe
Size: 6.4MB
MD5: 3935cf102e1dad3eff8c0b85c27ecc91
SHA1: 40a9d6eafb61efef639bf7cf46d2d8f326f0ac53
SHA256: fc8af82be87e8933e8e1a48999a412b5b240815c32de17d4ec5963f83a8381f3
SHA512: 8c2a59cc6e5f9bae05c3d06e510e169e724c7a16365ec43ddd13a81373cfe2255dac12acf385aba5b61b7667b4d2481ee8d954064390868cea6b1f7e9fe87b61
SSDEEP: 98304:OAs++BUHecpbpx+sborjZGS/mihRXnH9EEkXDc7hYuIH15KaaABXMUI:OAKBx4px+sNM32pD25IfKa3BXa
Score: 10/10
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext