General

Target: setup.msi
Size: 8.4MB
Sample: 240323-hlmnraha9s
MD5: a2e3199293fff95f443213de0337af3c
SHA1: 7b850e6e85ea3feebf31b6910bdd250eb9b34815
SHA256: 19e42f8ba3b2111189187955b512024ed5f4bc8dc04d434bdc5acb51f8e231e4
SHA512: 5a5700f304a43dc8794100e4d1c718c48fbdd7f3b0ab125a810f3ac665d8f620bc3e870affee8acba06841c21e8435ce7f2471f416f405294260e22d428d93ea
SSDEEP: 196608:yN7PYGIfVlhQ+gtODuwjWT6mPZA8XTZVtl5C:yp3IfVlhQ+glwY6AZAEtl
Tasks

Static task: static1
Behavioral task: behavioral1 (sample: setup.msi, resource: win7-20240221-en)
Behavioral task: behavioral2 (sample: setup.msi, resource: win10v2004-20240226-en)
Behavioral task: behavioral3 (sample: setup.msi, resource: win11-20240221-en)
Malware Config

Extracted: https://iigggkkl.monster/newdrop3.ps1
Extracted (stealc): http://91.202.233.204
  url_path: /129edec4272dc2c8.php
Targets

Target: setup.msi (size and hashes as listed under General)
Score: 10/10

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.

Signatures:
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Enumerates connected drives (attempts to read the root path of hard drives other than the default C: drive)
- Drops file in System32 directory
- Suspicious use of SetThreadContext