General
- Target: e7dec31185f1555bb009e5f7348a31f98bb0d60c82d81c6ab42f95d6715ca6dc.lnk
- Size: 1KB
- Sample: 240419-cjvcxsdg42
- MD5: 6b602c96ff01c4f55c7a625b2358a988
- SHA1: af42a6e2c1b97a958cf9e50a30cdf02221c07098
- SHA256: e7dec31185f1555bb009e5f7348a31f98bb0d60c82d81c6ab42f95d6715ca6dc
- SHA512: a793e118ba79adfe4370dd9a7f20dc90e64c3edc80a2f7fce052241c311e59fb15e71d4f1e38c60c9730cff6af9583c3fbcad9320f69968e8b90d7424036af95
Static task
- static1
Behavioral task
- behavioral1: sample e7dec31185f1555bb009e5f7348a31f98bb0d60c82d81c6ab42f95d6715ca6dc.lnk, resource win7-20240319-en
Behavioral task
- behavioral2: sample e7dec31185f1555bb009e5f7348a31f98bb0d60c82d81c6ab42f95d6715ca6dc.lnk, resource win10v2004-20240412-en
Malware Config
- Extracted: http://93.190.140.76/factura
Targets
- Target: e7dec31185f1555bb009e5f7348a31f98bb0d60c82d81c6ab42f95d6715ca6dc.lnk
- Score: 10/10
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory