General
Target: freedomOSU1.12.rar
Size: 803KB
Sample: 240403-cjemgada89
MD5: 0c9c295b75d76525154f9fc03aefd0a2
SHA1: 886e81bb6733cb9e33fb3c64bc9dbdfc96308419
SHA256: f6d3d9319fe42be572804cd30d6a562094d2c00899707a64425d034b26818d10
SHA512: bf9732cddc19162ac63f8cd030b19995b594303e79269eb1562947390c0c5902ad4c706313829262fa805274815b937a6e66527ce0c0d01e4154138c5e96e57d
SSDEEP: 24576:Njfs5lXuT5cc+3sk/Vg4nc5sjAzicDW3lUTLjl:Njftt+3pgnSK2UTvl
Static task: static1
Behavioral task: behavioral1
Sample: freedomOSU1.12.rar
Resource: win10v2004-20240226-en
Malware Config
Targets: freedomOSU1.12.rar
Score: 10/10

Rhadamanthys
Rhadamanthys is an info stealer written in C++, first seen in August 2022.

Suspicious use of NtCreateUserProcessOtherParentProcess
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE