General
- Target: b423e08d83060bea5f6a75a8cbfe6d7084db89ef9deb8602c264293601873186.exe
- Size: 2.5MB
- Sample: 240719-jktw4szbrr
- MD5: 135a429806034bd99cf913a3d6c19aa5
- SHA1: 3d801912d0d61535764506962e0e8f248319a3cd
- SHA256: b423e08d83060bea5f6a75a8cbfe6d7084db89ef9deb8602c264293601873186
- SHA512: fdebb8556baa1bb273fc04532e6594005a7c1c972e501b1f5e95046c2252363f2b81c0948d42c535fd1cc4e42ae6ef176a8d5bbe9b792de38babab6eedf37cd3
- SSDEEP: 49152:XOO2EZtuoHjBw65ivfPxFY/WcuMjy+4vDI:XOO7nGRMWnMjE8
- Static task: static1
- Behavioral task: behavioral1 (sample b423e08d83060bea5f6a75a8cbfe6d7084db89ef9deb8602c264293601873186.exe, resource win7-20240704-en)
- Behavioral task: behavioral2 (sample b423e08d83060bea5f6a75a8cbfe6d7084db89ef9deb8602c264293601873186.exe, resource win10v2004-20240709-en)
Malware Config
- Extracted family: rhadamanthys
- URL: https://77.221.154.49/68c8ee7d3c216cd1fa3c/en3cccbn.s7sw2
Targets
- b423e08d83060bea5f6a75a8cbfe6d7084db89ef9deb8602c264293601873186.exe (2.5MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Rhadamanthys family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext