General
Target: setup.msi
Size: 8.5MB
Sample: 240329-jq57bsde32
MD5: 86a68878633d570e195609fe33640561
SHA1: 5a5355a80750693493c4ff9d4184d3234ad62b73
SHA256: 7a5d8ef1b6de2d300a6a3118426562e881577c85ab2d919f0337e4de0e9aaa92
SHA512: 502f996aff0273aecd4256bd25b3bcd2187a2b44c1b26c0b64a622ae2d788328d8f8e9bbd8fa9119a0edb282d1737f8f502ecf69484a70b14fd287442630c1a9
SSDEEP: 196608:zN7EYGIfVlhQ+gtODuwjWT6mPLJo/QkPM27rMr:z+3IfVlhQ+glwY6AW/h37rM
Static task: static1
Behavioral task: behavioral1 (Sample: setup.msi, Resource: win7-20240221-en)
Behavioral task: behavioral2 (Sample: setup.msi, Resource: win10v2004-20240226-en)
Malware Config
Extracted: https://curlhub.monster/newdrop.bs64
Targets
Target: setup.msi
Score: 10/10
Rhadamanthys
Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext