General
- Target: 23564984
- Size: 70KB
- Sample: 240212-x6abgscg88
- MD5: 3d89cbe9713713fc038093637a602b29
- SHA1: cedd51d531784fd158783d94e4a003b03f838d71
- SHA256: 187fa58d15a59f20c752a75a4cf76e3e8437da5a1d48acdb343392c692a73067
- SHA512: 0572b10f472130d9ee6a3fd121d2e59848e123b84b5916352e42f63511521fb4cd34a12d484718045c9c421e76a9ec95cd3007ec4a4210f9e6ea3eb6c7e58fb6
- SSDEEP: 1536:R5JC7UPpyY3TE82Fp5CVJXRP3qOm7yFeKGMzGslhYUWNQRpI2ti5Oz:R58ARIqo2tiEz
Static task: static1
Behavioral task: behavioral1
- Sample: 23564984.hta
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 23564984.hta
- Resource: win10v2004-20231215-en
Malware Config
Targets
Score: 10/10
Rhadamanthys
Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (2)