General
-
Target
cce2ac8ae528606702c8d2766d9be0d7.exe
-
Size
952KB
-
Sample
240404-mntbjace7t
-
MD5
cce2ac8ae528606702c8d2766d9be0d7
-
SHA1
6f1607201e267058f27d58a912b9cfe5530996af
-
SHA256
ec975154fabacbe2d626ab551470dec7500cfcc32507270ef1d0039c44e47d6d
-
SHA512
6b051e6dfeee15d3d6983e684ceb21bb321c093a68b4a7bb15973e3d1285b35fcc26dff359e4a94781a45a8cb08270faebd1b4737288b06f7cd372dbd14134d3
-
SSDEEP
12288:cfLoc2h3PJ5m641+zCSA2YhbPL5ApRMR0xTPVz2KbWXzvbhcrrRjyaQF1pAUlgZ+:cfLoc2FrClhhbsGiwbCfZwpAogF8Vxr3
Static task
static1
Behavioral task
behavioral1
Sample
cce2ac8ae528606702c8d2766d9be0d7.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
cce2ac8ae528606702c8d2766d9be0d7.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
cce2ac8ae528606702c8d2766d9be0d7.exe
Score
10/10
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-