General
-
Target
tmp
-
Size
938KB
-
Sample
240417-xpws6acc8x
-
MD5
9e64b65535e29ec152642d8bdcb22974
-
SHA1
5431aa7526ba193c0a92afffe2537bc54f51a0ba
-
SHA256
6586cb8766c14a87330bf6c79a7cbd7cbff3ca9da63574a9c348645117d08f14
-
SHA512
f895c62431502fa92d36b5e0cb929b4957ca41f9253dadecd6a06153dc566e12a5d835a162f6aeb0e8ea1eb1fb9c65ab716f7c43faca0672aff37900c56b156e
-
SSDEEP
24576:cbSLx7bBqTC9oA414OYDsSyMZblh50gjuQk47blB7uFujRVeYr4c:GS79qK4cDs6q7QX7bl1u6LzMc
Malware Config
Targets
-
-
Target
tmp
-
Size
938KB
-
MD5
9e64b65535e29ec152642d8bdcb22974
-
SHA1
5431aa7526ba193c0a92afffe2537bc54f51a0ba
-
SHA256
6586cb8766c14a87330bf6c79a7cbd7cbff3ca9da63574a9c348645117d08f14
-
SHA512
f895c62431502fa92d36b5e0cb929b4957ca41f9253dadecd6a06153dc566e12a5d835a162f6aeb0e8ea1eb1fb9c65ab716f7c43faca0672aff37900c56b156e
-
SSDEEP
24576:cbSLx7bBqTC9oA414OYDsSyMZblh50gjuQk47blB7uFujRVeYr4c:GS79qK4cDs6q7QX7bl1u6LzMc
Score10/10-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-