General
Target: chromeremotedesktophost.msi
Size: 20.7MB
Sample: 240401-hh4g4agc79
MD5: 9513997b55e2f921721554b4a3e231a1
SHA1: b6cf1967375ce59ae8c753459d803261e32cf694
SHA256: b95cb82f1409339410ece18ef4e487498fab67e4dcb5b2c4d5ee32f68dc5c2f6
SHA512: 15ea63e069a9bf6647b729497396ef488d18838bcd4269ccbd94b5cee0540baeeac3ff9f48b91670a5e57de423c9af7c52dbef5ab25bd1ddf97e8926a4f7212d
SSDEEP: 393216:+8RwTASYmzEpktG3q9uPnsHmOIrnaMK4rHy4QoimW:+IeKy6ktG3q9UnsHmXnaMKRp
Static task: static1
Behavioral task: behavioral1
Sample: chromeremotedesktophost.msi
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: chromeremotedesktophost.msi
Size: 20.7MB
MD5: 9513997b55e2f921721554b4a3e231a1
SHA1: b6cf1967375ce59ae8c753459d803261e32cf694
SHA256: b95cb82f1409339410ece18ef4e487498fab67e4dcb5b2c4d5ee32f68dc5c2f6
SHA512: 15ea63e069a9bf6647b729497396ef488d18838bcd4269ccbd94b5cee0540baeeac3ff9f48b91670a5e57de423c9af7c52dbef5ab25bd1ddf97e8926a4f7212d
SSDEEP: 393216:+8RwTASYmzEpktG3q9uPnsHmOIrnaMK4rHy4QoimW:+IeKy6ktG3q9UnsHmXnaMKRp
Score: 10/10
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
  A process was created with a parent other than the calling process (parent PID spoofing), which breaks the parent/child chain a defender would normally follow.
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
  Rewriting another thread's context is a standard step of process hollowing and thread-hijacking injection.
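The report above is only useful if the hashes can be checked against a file on disk. The following script is an added example, not code from the report or from the sandbox vendor: it computes the MD5, SHA1, SHA256 and SHA512 digests in a single pass over the file and flags whichever of them matches the IOCs listed above. The IOC values are copied from the report; the script name `check_iocs.py` and the sample inputs in its tests are assumptions. SSDEEP is not reproduced, since fuzzy hashing is not in the Python standard library.

```python
"""Check files against the hash IOCs from the sandbox report above.

Added example; the digests in REPORT_IOCS are copied from the report
(sample 240401-hh4g4agc79, chromeremotedesktophost.msi).
"""
import hashlib
import io
import sys

REPORT_IOCS = {
    "md5": "9513997b55e2f921721554b4a3e231a1",
    "sha1": "b6cf1967375ce59ae8c753459d803261e32cf694",
    "sha256": "b95cb82f1409339410ece18ef4e487498fab67e4dcb5b2c4d5ee32f68dc5c2f6",
    "sha512": "15ea63e069a9bf6647b729497396ef488d18838bcd4269ccbd94b5cee0540baeeac3ff9f48b91670a5e57de423c9af7c52dbef5ab25bd1ddf97e8926a4f7212d",
}


def hash_stream(fh, chunk_size=1 << 20):
    """Compute every digest in REPORT_IOCS in one pass over a binary stream.

    One pass matters for a 20 MB installer: reading the file once per
    algorithm would multiply the I/O on a slow file share or network mount.
    """
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, chunk_size=1 << 20):
    """Hash an in-memory byte string through the same chunked path as a file."""
    return hash_stream(io.BytesIO(data), chunk_size)


def hash_file(path, chunk_size=1 << 20):
    """Hash a file on disk without loading it entirely into memory."""
    with open(path, "rb") as fh:
        return hash_stream(fh, chunk_size)


def match_iocs(digests, iocs=REPORT_IOCS):
    """Return the set of algorithm names whose digest equals the report's IOC.

    Comparison is case-insensitive because feeds and reports mix upper- and
    lower-case hex. Any single match flags the file; a partial match (say,
    MD5 only) is itself worth a closer look, since it means either a
    collision or a transcription error somewhere in the feed.
    """
    return {
        name
        for name, value in digests.items()
        if name in iocs and iocs[name].lower() == value.strip().lower()
    }


if __name__ == "__main__":
    # Usage: python check_iocs.py <file> [<file> ...]
    for path in sys.argv[1:]:
        hits = match_iocs(hash_file(path))
        verdict = "MATCH (%s)" % ", ".join(sorted(hits)) if hits else "no match"
        print("%s: %s" % (path, verdict))
```

Run it as `python check_iocs.py chromeremotedesktophost.msi` against the installer you actually received; a match on all four algorithms means the file is byte-identical to the analysed sample, while a file with the same name but no match should be hashed and submitted separately rather than assumed clean.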