General

  • Target

    ExLoadFree_4.22.rar

  • Size

    10.3MB

  • Sample

    240405-tln3csgh85

  • MD5

    565695d9d71d5ab2ac0a564900e97f69

  • SHA1

    f12d01103f09c856654d85984191aac22bdc8f5a

  • SHA256

    6051fd3cf23ef53bbef462ea04592bf5e474d199e78790e8f2403c23d33e2478

  • SHA512

    45ba6a4e439407e241afdd6874d7b3c6500b76dda07ef68b2c61d4a76a0dcb3ffa458e38e9dab816f883b6f1d4f3af23859b8a78ee9debc049cbef4ae3ff0784

  • SSDEEP

    196608:lxHxRCU6WMZNgES+rffoRn0hvOvieYCYFJHZ+Mmrfa5ODA1V/c6Ww:7RcU6WMI28n0hDS2JHZ+MoCE07/zWw

Score
10/10

Malware Config

Targets

    • Target

      ExLoadFree_4.22.rar

    • Size

      10.3MB

    • MD5

      565695d9d71d5ab2ac0a564900e97f69

    • SHA1

      f12d01103f09c856654d85984191aac22bdc8f5a

    • SHA256

      6051fd3cf23ef53bbef462ea04592bf5e474d199e78790e8f2403c23d33e2478

    • SHA512

      45ba6a4e439407e241afdd6874d7b3c6500b76dda07ef68b2c61d4a76a0dcb3ffa458e38e9dab816f883b6f1d4f3af23859b8a78ee9debc049cbef4ae3ff0784

    • SSDEEP

      196608:lxHxRCU6WMZNgES+rffoRn0hvOvieYCYFJHZ+Mmrfa5ODA1V/c6Ww:7RcU6WMI28n0hDS2JHZ+MoCE07/zWw

    Score
    10/10
    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks