General
-
Target
Launcher.exe
-
Size
364KB
-
Sample
240822-1lj7qszarh
-
MD5
fea10d11d84919cb9a0a0752d61c0a66
-
SHA1
aea3c65e2b62851b2dd112597f28379b49c58a0a
-
SHA256
2786febdd57874118eaf5e257382cf4467d43f9ca189ac48ff6d45494f1cbab7
-
SHA512
e382f79ec1f1c370cd0053cccc7a0db8f3dc28b22f9dacd5f425c60adfb21e4a6eed3e119a7f9bbf135839e22d46511ca793cf8b5118d0e6256ebbbe749fc508
-
SSDEEP
6144:LpS9kEFKbITUvR8cy8dzQ7Lcf3Si96sfO+2RZrTql9unNrkYqliwrZR5lJWPkOD:Lp8KLBzQ7Lcf3SiQs2FTTql9unNrkvzw
Malware Config
Extracted
rhadamanthys
https://45.159.188.37:443/44194499adc4d2b753ee/gcj8ajmp.qnu3f
Targets
-
-
Target
Launcher.exe
-
Size
364KB
-
MD5
fea10d11d84919cb9a0a0752d61c0a66
-
SHA1
aea3c65e2b62851b2dd112597f28379b49c58a0a
-
SHA256
2786febdd57874118eaf5e257382cf4467d43f9ca189ac48ff6d45494f1cbab7
-
SHA512
e382f79ec1f1c370cd0053cccc7a0db8f3dc28b22f9dacd5f425c60adfb21e4a6eed3e119a7f9bbf135839e22d46511ca793cf8b5118d0e6256ebbbe749fc508
-
SSDEEP
6144:LpS9kEFKbITUvR8cy8dzQ7Lcf3Si96sfO+2RZrTql9unNrkYqliwrZR5lJWPkOD:Lp8KLBzQ7Lcf3SiQs2FTTql9unNrkvzw
Score10/10-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1