General
Target: archive.zip
Size: 22.0MB
Sample: 240710-zy4lgazerl
MD5: 473d8bc03e663cd000c20e5e2975750b
SHA1: 2535669f5e83091e1fce5273ada039d90d240cf7
SHA256: 097ca57103fe0a953b99bf318747361692ed34524830aab143879060d6e2fb1d
SHA512: c16a0fcf09f1112a188eaed9e1b49ba10d279e3306cd99b65b60b7f1a70f37fad653211c9568a80f0e2d94b431f85e9176e457af534ca99d1707ed189fd010c1
SSDEEP: 393216:kL530HuXSB7ZLPJYJrUK4OKPtKiIK5LKaxKhHK2VKaiKdWKn9KIYKf66jCx6LOoF:kXSB7ZlYrUK4OKPtKiIK5LKaxKhHK2Vt
Static task
static1
Behavioral task behavioral1
Sample: archive/setup.exe
Resource: win7-20240708-en
Behavioral task behavioral2
Sample: archive/setup.exe
Resource: win10v2004-20240709-en
Behavioral task behavioral3
Sample: archive/setup.exe
Resource: win11-20240709-en
Malware Config
Targets
Target: archive/setup.exe
Size: 792.5MB
  Note: this 792.5MB executable is delivered inside the 22.0MB archive.zip listed under General, so at least 36:1 of it compresses away, which means the binary is overwhelmingly repetitive filler. Inflating a sample like this is a common way to push it past the per-file size limits of AV engines and upload portals; hash and scan the extracted file, not only the archive.
MD5: 0f4e82710cf21a3c36a72f3d5378c32a
SHA1: 6c64e4c47eaf6a74263babaf7add0c1b79e32526
SHA256: b0212959666982690085eeaa577fbd02d9bbb2a6ae6851a8082deb03001af485
SHA512: 5a521e5a25d2d5861fff0682e81588e8e23348aa80374c3182618c9d85e570fcd8e262441be174a6584fd6504d191439a6174de3268905d658410497e50483aa
SSDEEP: 98304:2joPBEfPICvGozzDssWvOrwfSDM+Hh8gmeFitvuGzbtLxZ:OoqACjPQsWvO8fSDJmcitvuGVL
Score: 10/10
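Two checks a practitioner runs on this sample before relying on the verdict above, as an added example (this is not the sandbox's own code): confirm a local copy matches the digests the report lists, and compare each archive member's stored size with its compressed size so an inflated executable like the 792.5MB setup.exe inside a 22.0MB zip is flagged without unpacking it. The hash values are copied from the report; the 20:1 ratio threshold, the function names and the zip built by build_sample_zip() are assumptions made for illustration.

```python
"""Hash verification and size-inflation check for a zipped sample (added example)."""
import hashlib
import io
import os
import zipfile

# Digests copied from the report above.
REPORT_HASHES = {
    "archive.zip": {
        "md5": "473d8bc03e663cd000c20e5e2975750b",
        "sha1": "2535669f5e83091e1fce5273ada039d90d240cf7",
        "sha256": "097ca57103fe0a953b99bf318747361692ed34524830aab143879060d6e2fb1d",
    },
    "archive/setup.exe": {
        "md5": "0f4e82710cf21a3c36a72f3d5378c32a",
        "sha1": "6c64e4c47eaf6a74263babaf7add0c1b79e32526",
        "sha256": "b0212959666982690085eeaa577fbd02d9bbb2a6ae6851a8082deb03001af485",
    },
}


def digest_stream(fobj, algos, chunk=1 << 20):
    """Read the stream once and feed every requested algorithm from the same chunks,
    so a multi-hundred-megabyte file is hashed in a single pass."""
    hashers = {name: hashlib.new(name) for name in algos}
    while True:
        block = fobj.read(chunk)
        if not block:
            break
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_stream(fobj, expected):
    """Return {algorithm: matched?} for each digest the report lists."""
    actual = digest_stream(fobj, tuple(expected))
    return {name: actual[name] == value.lower() for name, value in expected.items()}


def verify_bytes(data, expected):
    return verify_stream(io.BytesIO(data), expected)


def verify_file(path, expected):
    with open(path, "rb") as f:
        return verify_stream(f, expected)


def inflation_report(zip_bytes, ratio_threshold=20.0):
    """One row per zip member: stored size, compressed size, their ratio, and whether
    the member is suspiciously padded. Real executables rarely deflate better than
    about 3:1; the 20:1 threshold is a heuristic chosen for this example."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ratio = info.file_size / max(info.compress_size, 1)
            rows.append({
                "name": info.filename,
                "file_size": info.file_size,
                "compress_size": info.compress_size,
                "ratio": round(ratio, 1),
                "padded": ratio > ratio_threshold,
            })
    return rows


def build_sample_zip():
    """Constructed stand-in for the real archive: one incompressible 4 KiB member and
    one 'MZ' header followed by 8 MiB of zero padding, mimicking an inflated binary."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("archive/readme.txt", os.urandom(4096))
        zf.writestr("archive/setup.exe", b"MZ" + b"\x00" * (8 << 20))
    return buf.getvalue()


if __name__ == "__main__":
    for row in inflation_report(build_sample_zip()):
        print(row)
    # Against the real download, once you have it locally:
    # print(verify_file("archive.zip", REPORT_HASHES["archive.zip"]))
```

Run the inflation check first: if the ratio row for setup.exe is flagged, expect the extraction to need roughly 800MB of disk and expect upload portals to reject the extracted file, so submit the archive and record the inner file's hashes yourself.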
Modifies firewall policy service
Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
Suspicious use of NtCreateUserProcessOtherParentProcess
  A child process was created with an explicitly chosen parent (parent PID spoofing), so the process tree shown by ordinary tooling does not reflect which process really launched it.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence (refusing to run in certain countries).
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Drops file in System32 directory
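A detection sketch for two of the signatures above, "Executes dropped EXE" and "Looks up external IP address via web service", as an added example that is not part of the report or of any vendor's rule set: a process started from a user-writable path that, within a minute, resolves a public IP-lookup service. The event records are constructed for this example and their field names (ts, host, pid, image, query) are an assumed schema, not a real log format; the domain list is a starting set of well-known lookup services, since the report does not say which one this sample queried.

```python
"""Correlate fresh process starts from user-writable paths with IP-lookup DNS queries
(added example; constructed events, assumed field names)."""
from datetime import datetime, timedelta

# Assumed starting list of public external-IP services; extend from your own telemetry.
IP_LOOKUP_DOMAINS = {
    "api.ipify.org", "ipify.org", "ip-api.com", "icanhazip.com",
    "ifconfig.me", "checkip.amazonaws.com", "ipinfo.io", "api.myip.com",
}

# Path fragments that mark locations a dropped or user-downloaded executable runs from.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\downloads\\", "\\programdata\\")

# Constructed events. WS01 runs the extracted setup.exe and resolves ipify two seconds
# later; WS02's browser resolves ipinfo.io 70 s after starting; WS03 has a lookup with
# no process event on record at all.
EVENTS = [
    {"ts": "2024-07-10T12:00:01", "host": "WS01", "type": "process", "pid": 4120,
     "image": "C:\\Users\\alice\\Downloads\\archive\\setup.exe"},
    {"ts": "2024-07-10T12:00:03", "host": "WS01", "type": "dns", "pid": 4120,
     "query": "api.ipify.org."},
    {"ts": "2024-07-10T12:00:04", "host": "WS01", "type": "dns", "pid": 4120,
     "query": "cdn.example-hosting.test"},
    {"ts": "2024-07-10T12:30:00", "host": "WS02", "type": "process", "pid": 880,
     "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe"},
    {"ts": "2024-07-10T12:31:10", "host": "WS02", "type": "dns", "pid": 880,
     "query": "ipinfo.io"},
    {"ts": "2024-07-10T13:00:00", "host": "WS03", "type": "dns", "pid": 9001,
     "query": "IFCONFIG.ME"},
]


def is_ip_lookup(query):
    """Match the query or any parent domain against the list. DNS logs often carry a
    trailing dot and arbitrary case, so normalise before comparing; bare TLDs never match."""
    labels = query.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in IP_LOOKUP_DOMAINS for i in range(len(labels) - 1))


def is_user_writable(image):
    return any(marker in image.lower() for marker in USER_WRITABLE_MARKERS)


def correlate(events, window=timedelta(seconds=60)):
    """Return one alert per IP-lookup query. Severity is 'high' when the querying pid
    was started from a user-writable path within `window`, otherwise 'low' (browsers
    and VPN clients perform the same lookups, so a bare query is weak evidence)."""
    recent = {}  # (host, pid) -> (start time, image) of the latest process event seen
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO-8601 strings sort chronologically
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["host"], ev["pid"])
        if ev["type"] == "process":
            recent[key] = (ts, ev["image"])
        elif ev["type"] == "dns" and is_ip_lookup(ev["query"]):
            started = recent.get(key)
            suspicious = (started is not None
                          and ts - started[0] <= window
                          and is_user_writable(started[1]))
            alerts.append({
                "host": ev["host"], "pid": ev["pid"], "query": ev["query"],
                "image": started[1] if started else None,
                "severity": "high" if suspicious else "low",
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Tuning note: the lookup domain on its own is a weak signal, which is why the rule only escalates when the same pid was just launched from a user-writable path; in a real pipeline the process and DNS events would come from a source that attributes queries to the originating process rather than to the DNS client service.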