General
Target: DOC4310 - 43104310.zip
Size: 32KB
Sample: 240406-enx1qaac21
Static task: static1
Behavioral task: behavioral1
Sample: DOC4310 - 43104310.lnk
Resource: win10v2004-20240226-ja
Malware Config
Targets
Target: DOC4310 - 43104310.lnk
Size: 15KB
Score: 10/10

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.

Suspicious use of NtCreateUserProcessOtherParentProcess

Blocklisted process makes network request

Checks computer location settings
Looks up country code configured in the registry, likely geofence.