General
Target: ExLoadFree_4.22.rar
Size: 10.3MB
Sample: 240405-tln3csgh85
MD5: 565695d9d71d5ab2ac0a564900e97f69
SHA1: f12d01103f09c856654d85984191aac22bdc8f5a
SHA256: 6051fd3cf23ef53bbef462ea04592bf5e474d199e78790e8f2403c23d33e2478
SHA512: 45ba6a4e439407e241afdd6874d7b3c6500b76dda07ef68b2c61d4a76a0dcb3ffa458e38e9dab816f883b6f1d4f3af23859b8a78ee9debc049cbef4ae3ff0784
SSDEEP: 196608:lxHxRCU6WMZNgES+rffoRn0hvOvieYCYFJHZ+Mmrfa5ODA1V/c6Ww:7RcU6WMI28n0hDS2JHZ+MoCE07/zWw
Static task: static1
Behavioral task: behavioral1
  Sample: ExLoadFree_4.22.rar
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: ExLoadFree_4.22.rar
  Resource: win10v2004-20240226-en
Malware Config
Targets
Target: ExLoadFree_4.22.rar
Score: 10/10
Rhadamanthys
Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext