General
-
Target
33682e861b76b0ae22b7361f5b59bb7e69b95e69480156714f01e7044408b546.exe
-
Size
4.3MB
-
Sample
240709-teqbvatamd
-
MD5
651962c322d049e7271543d8d2673311
-
SHA1
e4a3c9a15006aae882697cff0ec90795f658ee94
-
SHA256
33682e861b76b0ae22b7361f5b59bb7e69b95e69480156714f01e7044408b546
-
SHA512
121b96a1ce8e12924e41c2243cea25dbc13240c6cfadcfe01aecbea1c6676261cbcf89677fb1a8e429e22d47b1030b9e24e03b96a5f7e956316f02bd8d2c74b1
-
SSDEEP
98304:fh0DJ8JeTBYX6L9jeMr31y0pv/u4EmRIO3HLWjds/ht/tpxeSZ:bJeTKX6L9fHBW4bW+zdeS
Malware Config
Targets
-
-
Target
33682e861b76b0ae22b7361f5b59bb7e69b95e69480156714f01e7044408b546.exe
-
Size
4.3MB
-
MD5
651962c322d049e7271543d8d2673311
-
SHA1
e4a3c9a15006aae882697cff0ec90795f658ee94
-
SHA256
33682e861b76b0ae22b7361f5b59bb7e69b95e69480156714f01e7044408b546
-
SHA512
121b96a1ce8e12924e41c2243cea25dbc13240c6cfadcfe01aecbea1c6676261cbcf89677fb1a8e429e22d47b1030b9e24e03b96a5f7e956316f02bd8d2c74b1
-
SSDEEP
98304:fh0DJ8JeTBYX6L9jeMr31y0pv/u4EmRIO3HLWjds/ht/tpxeSZ:bJeTKX6L9fHBW4bW+zdeS
Score10/10-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-