General
-
Target
Patrick.pdf
-
Size
36KB
-
Sample
240716-fvrb7ayhlf
-
MD5
8cda87bb4d6f53572254f7be23544b5c
-
SHA1
29e3ac8d5890f2bacdabdd26a7fe1c79307df3a7
-
SHA256
59922610678132915fd74ecc4c3f2117987135537bca02b830b08f27c3ac96d4
-
SHA512
d91f13669edadaed762c329f296c8771e6c847f57507144c92092a8043e68f013f4101fe2697545b1c7e77d5336f7771cdc0aec155240e1ae124d44cf8b319da
-
SSDEEP
768:V+EL9njhyr5AD4UPbBbFUjDNZSlDc6edap9otZNZo6a2X:V+i9jha52H0vNZSlDc6ofNOqX
Malware Config
Targets
-
-
Target
Patrick.pdf
-
Size
36KB
-
MD5
8cda87bb4d6f53572254f7be23544b5c
-
SHA1
29e3ac8d5890f2bacdabdd26a7fe1c79307df3a7
-
SHA256
59922610678132915fd74ecc4c3f2117987135537bca02b830b08f27c3ac96d4
-
SHA512
d91f13669edadaed762c329f296c8771e6c847f57507144c92092a8043e68f013f4101fe2697545b1c7e77d5336f7771cdc0aec155240e1ae124d44cf8b319da
-
SSDEEP
768:V+EL9njhyr5AD4UPbBbFUjDNZSlDc6edap9otZNZo6a2X:V+i9jha52H0vNZSlDc6ofNOqX
Score10/10-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-