General
-
Target
19042024_0036_factura.hta
-
Size
186KB
-
Sample
240418-t4b6hshf96
-
MD5
e33380cd66cb38cdf6ed3008e1c8154e
-
SHA1
961327ff23c8c578ad91902b03c2c0f61ebaa721
-
SHA256
ecdf70fe9c6423522d7ed26058a9c705413b923863eddc44cf406d55bbc8f7d9
-
SHA512
eed9a814439d38c8043dbe9303e7ad0bf52aee3fc4e929bc976e610e29b65902d0b0f8eddb353474f1bdd75e555e5be5818dfd79b1b8ca665a1d1c9d09adbead
-
SSDEEP
768:lfGgTViahszDOtfGgTViahszDO0jzefGgTViahszDOHefGgTViahszDO:F4WsO94WsOsu4WsOC4WsO
Malware Config
Targets
-
-
Target
19042024_0036_factura.hta
-
Size
186KB
-
MD5
e33380cd66cb38cdf6ed3008e1c8154e
-
SHA1
961327ff23c8c578ad91902b03c2c0f61ebaa721
-
SHA256
ecdf70fe9c6423522d7ed26058a9c705413b923863eddc44cf406d55bbc8f7d9
-
SHA512
eed9a814439d38c8043dbe9303e7ad0bf52aee3fc4e929bc976e610e29b65902d0b0f8eddb353474f1bdd75e555e5be5818dfd79b1b8ca665a1d1c9d09adbead
-
SSDEEP
768:lfGgTViahszDOtfGgTViahszDO0jzefGgTViahszDOHefGgTViahszDO:F4WsO94WsOsu4WsOC4WsO
Score10/10-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-