General
-
Target
DOC1718 - 17181718.zip
-
Size
25KB
-
Sample
240406-dagadaaa78
-
MD5
9953bf374579b92e1ed35b6f03a63e7b
-
SHA1
fbd5a558ef7e1c530c627d02fa2d3d5bf4d29fa1
-
SHA256
b735e0755789edf539cff7e83d3f954f6768d246fcdb72d86bc21ef77c747db7
-
SHA512
4fa94ab36bd341b18b15692ac4e7fffe13fee842ef18b4b630fad38d6df9f5b8e6aaddef4916d051e403357f963259076d1a9dfa307d9a56c315453ed754e468
-
SSDEEP
768:RrYcYFqPxguKC7o3/ZpkF5AkIEwdXNp5FH9VVatc+E:q0CpZOPAkWhN/FdfQc5
Static task
static1
Behavioral task
behavioral1
Sample
DOC1718 - 17181718.lnk
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
DOC1718 - 17181718.lnk
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
DOC1718 - 17181718.lnk
-
Size
9KB
-
MD5
b2f8f92b1a74fcbe95a7a9cd50994785
-
SHA1
a124648dddeaaef25245643f98df6c50ec693b94
-
SHA256
ba41a32b699a07b7a0d7871839ef0c86a9eae01a3277c151a24d288919832fff
-
SHA512
1107e818462ad8f8f9a13f052df590c6a964a6d79aa33fc0fb91eda9ab1b05eaca64bab604834d092d57f232a188b94403125569dee9f0cdb61983a6b7c3f7e6
-
SSDEEP
192:8z5P5hm3MSBf2TL52FWGkOlRKAaqPVpVIZhVjjpOW234jXAc0y:u53cMS5ZFbkO3KYyftoy
Score
10/10
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-