General
-
Target
6391-BST-SH.zip
-
Size
21KB
-
Sample
240405-jk4fjsfb53
-
MD5
4dac87af2e8f015250cacab02bfa9816
-
SHA1
4f34502d38002b179d9e9719194eaace2c873c4e
-
SHA256
31bf95ff1e9fc8d0a1787c473e12a1448e7c34ea586e4c4ee5f68ab5d15ac594
-
SHA512
7e0f3bded8eed34427de11aca494d393ce706493e9da8fabbb98ea6152f18021cfab62050e4c174c35992a4eb8dc259d3009311973d76823a1b695e77904f503
-
SSDEEP
384:2GxqjjlMedK+ZbV47FSUe7wKqBA7oAHxL3C6/cEWlacEhZXEyEdf2:2jwObSAUvKqBA3HxL3z/Dc8XEyEc
Static task
static1
Behavioral task
behavioral1
Sample
6391-BST-SH.lnk
Resource
win10v2004-20240226-en
Behavioral task
behavioral2
Sample
6391-BST-SH.lnk
Resource
win11-20240221-en
Malware Config
Targets
-
Target
6391-BST-SH.lnk
-
Size
11KB
-
MD5
adf7c3664cea2c5ea0b0bed6092f782d
-
SHA1
19d4c09d6a55b327fe7853da16ef259ccbb39635
-
SHA256
ab77586e8f74d90236f06107b0cd965c7a2d78cc978c56ccf047e17bcefb8d46
-
SHA512
f94c74b4b0dc049059c651e8b68a2b5b73f080c41bd9b2d7aa017010ecc9c6dcd8cb02508643ca54e6a0c07fa9294ad99d5bf5b242be4f5cbb01af13ce3e330f
-
SSDEEP
192:8z54h/WKdqhSsL4QuOdU4vAOtV01NUzfmQLZbicaNO6aBhOiHm6vepsM77+F/dK:u5c/5LQTKMt6UzfmQdbi/w6MhO1GelOq
Score
10/10
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-