General

  • Target

    ec975154fabacbe2d626ab551470dec7500cfcc32507270ef1d0039c44e47d6d.exe

  • Size

    952KB

  • Sample

    240405-b9y85aha7w

  • MD5

    cce2ac8ae528606702c8d2766d9be0d7

  • SHA1

    6f1607201e267058f27d58a912b9cfe5530996af

  • SHA256

    ec975154fabacbe2d626ab551470dec7500cfcc32507270ef1d0039c44e47d6d

  • SHA512

    6b051e6dfeee15d3d6983e684ceb21bb321c093a68b4a7bb15973e3d1285b35fcc26dff359e4a94781a45a8cb08270faebd1b4737288b06f7cd372dbd14134d3

  • SSDEEP

    12288:cfLoc2h3PJ5m641+zCSA2YhbPL5ApRMR0xTPVz2KbWXzvbhcrrRjyaQF1pAUlgZ+:cfLoc2FrClhhbsGiwbCfZwpAogF8Vxr3

Score
10/10

Malware Config

Targets

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks