General
Target: DOC692-692692.lnk.zip
Size: 26KB
Sample: 240405-ntewrsag7y
MD5: d00d0e67c7d35c9a4abebf6de8313e94
SHA1: 8647078e528e3cc30726b81c4a44e6f2e76598e2
SHA256: 3b9db9baa7abb0f6648f2ee6147486a9432e4c635d47a4b8e0202fb922106aef
SHA512: 2c02d59d41d5c67b0f1af1af233f89b92caf8c11adbac2dbd49af0a57315b35ced3a78dcc4ae42e7f7098ceef1acfad086d249aec518b795d8f2747881135a51
SSDEEP: 768:un4Uy2i97Q/ZpkF5AkIEwdXNp5FH9VVatc+T:unorVQZOPAkWhN/FdfQc0
Static task: static1

Behavioral task: behavioral1
Sample: DOC692 - 692692.lnk
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: DOC692 - 692692.lnk
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: DOC692 - 692692.lnk
Size: 9KB
MD5: a344b567076691b5cd838512c99bc884
SHA1: 0de4ad8f9f127c0c444bb7db4459d0977b1f6506
SHA256: decbd662ecab295cb2c060232a6de8218843d671b7cb628aaf769ba4bcdf126f
SHA512: ad6d3fed7647c933c9a23938f7c39a8799d5845cd6a9e1fec6d0a2044c740795d428e89467c4e5b1f8217217f272863438b68e160da312d6ae8498af9688dd98
SSDEEP: 192:8z5phm3MSBfQbxE4l2g9FWV4FBno2dzSkbP43O5yrf68g493f61hVNeXkI:u5fcMS5Qb6EouFB3dzBbw3Omf68Zp9XV
Score: 10/10

Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
Suspicious use of NtCreateUserProcessOtherParentProcess
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.