General
-
Target
19042024_0027_stage.hta
-
Size
184KB
-
Sample
240418-tygh2saf8v
-
MD5
67c2c11c382e2bc55195169d0efa2ae6
-
SHA1
b9dff41f845f419df8a34ec0f3ad5211894e4839
-
SHA256
f288b51bbbec3bc248342fd71d49cc759615f24251d02524a1e49b18f6dab7ba
-
SHA512
ab7e6053de9da5867d63c3614562a6d9b87baffb52ae987b3475d37d916f13a7722310627cf6d587cdfed08e93e58401c0efc4c3c593cb33a28b3128cf09f2c0
-
SSDEEP
768:lfGgTViahszDOtfGgTViahszDOU68n5SDNPxmfinvr4zEfGgTViahszDOmefGgTV:F4WsO94WsO14WsOF4WsO
Malware Config
Targets
-
-
Target
19042024_0027_stage.hta
-
Size
184KB
-
MD5
67c2c11c382e2bc55195169d0efa2ae6
-
SHA1
b9dff41f845f419df8a34ec0f3ad5211894e4839
-
SHA256
f288b51bbbec3bc248342fd71d49cc759615f24251d02524a1e49b18f6dab7ba
-
SHA512
ab7e6053de9da5867d63c3614562a6d9b87baffb52ae987b3475d37d916f13a7722310627cf6d587cdfed08e93e58401c0efc4c3c593cb33a28b3128cf09f2c0
-
SSDEEP
768:lfGgTViahszDOtfGgTViahszDOU68n5SDNPxmfinvr4zEfGgTViahszDOmefGgTV:F4WsO94WsO14WsOF4WsO
Score10/10-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-