General
-
Target
setup.msi
-
Size
25.2MB
-
Sample
240618-p92adavbmf
-
MD5
9e10d740b32cd15a4fb9a947f911b924
-
SHA1
6ed60f2f79f986cbf4cc6ab1076522b9c762c272
-
SHA256
ce35819b8e52f92738534f2b0c0d468bdade96eba64a41915618ab11c04c994a
-
SHA512
d793f50e6a417a8c75da3a3e809c9cb2d2724d92600e994a90c4198f47937ad462d1682a5277fcb3f0d6648fee2511a2b43c96ff96e8e6a7bec4e461b6bd7a08
-
SSDEEP
393216:o+OBUMu/xfGNU/6EiKJ5q7cPYALEUEZZ5XXMHjmPaKshz8Rk3KRrREZ78t0N:o+FMSuNCXFYHnbBXHaJ8a3wrREit0
Static task
static1
Behavioral task
behavioral1
Sample
setup.msi
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
setup.msi
Resource
win10v2004-20240226-en
Malware Config
Extracted
https://gotry-gotry.com/25053.bs64
Targets
-
-
Target
setup.msi
-
Size
25.2MB
-
MD5
9e10d740b32cd15a4fb9a947f911b924
-
SHA1
6ed60f2f79f986cbf4cc6ab1076522b9c762c272
-
SHA256
ce35819b8e52f92738534f2b0c0d468bdade96eba64a41915618ab11c04c994a
-
SHA512
d793f50e6a417a8c75da3a3e809c9cb2d2724d92600e994a90c4198f47937ad462d1682a5277fcb3f0d6648fee2511a2b43c96ff96e8e6a7bec4e461b6bd7a08
-
SSDEEP
393216:o+OBUMu/xfGNU/6EiKJ5q7cPYALEUEZZ5XXMHjmPaKshz8Rk3KRrREZ78t0N:o+FMSuNCXFYHnbBXHaJ8a3wrREit0
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-