General
Target: setup.zip
Size: 7.5MB
Sample: 240329-jzdtfadf77
MD5: 8a0347b2b1dcfa882947539c6165326c
SHA1: 7637fbc5ad38e4c39d74202cec7138125b100893
SHA256: b2045d805874c29a618be48bec7b68b3eab23cb4a42464d3d64327a621134dbb
SHA512: 33686f047e8c8fda89701499708b0021fe9c8e6bfcf4b493a3c34c85d08a4221554212f9fbf208910f72c28f23b39879b9dbc3d9afd9c5686bd4d8ee1c2d818e
SSDEEP: 196608:8Gun5Ll0oHlvNPRQXG0Zm/hc2kAjqZhNFaJnhuoia:YLBHlvAh+hcFoqZhLinhj9
Static task: static1
Behavioral task: behavioral1 (Sample: setup.msi; Resource: win7-20240221-en)
Behavioral task: behavioral2 (Sample: setup.msi; Resource: win10v2004-20240226-en)
Malware Config
Extracted: https://curlhub.monster/newdrop.bs64
Targets
Target: setup.msi
Size: 8.5MB
MD5: 86a68878633d570e195609fe33640561
SHA1: 5a5355a80750693493c4ff9d4184d3234ad62b73
SHA256: 7a5d8ef1b6de2d300a6a3118426562e881577c85ab2d919f0337e4de0e9aaa92
SHA512: 502f996aff0273aecd4256bd25b3bcd2187a2b44c1b26c0b64a622ae2d788328d8f8e9bbd8fa9119a0edb282d1737f8f502ecf69484a70b14fd287442630c1a9
SSDEEP: 196608:zN7EYGIfVlhQ+gtODuwjWT6mPLJo/QkPM27rMr:z+3IfVlhQ+glwY6AW/h37rM
Score: 10/10
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext