General
Target: 0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861
Size: 7.0MB
Sample: 240826-tqx6tsvamk
MD5: 14462f8ec7a645f19b10247328c22ec7
SHA1: 6f43200e64a2ce622f0aedd77375bc2354392cad
SHA256: 0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861
SHA512: 86f1f7f57f3950923b39da1d2c2231b8ef28268b7c37a5352a2c8329636bc4ddc5013a750674f64572879496764eea8ed4fc2e650b86a72378caae4e4710b2dd
SSDEEP: 196608:rHDQahBiIbZg4T4hac7p6eDcGRY9iTfh/7/Nv6Bj:rHD5h1behacQeHwibh/71vW
Behavioral task: behavioral1
Sample: 0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe
Resource: win10v2004-20240802-en
Behavioral task: behavioral2
Sample: 0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861.exe
Resource: win11-20240802-en
Malware Config
Extracted
rhadamanthys
https://147.124.222.184:7232/2ff7fa032802244/tnvi7gis.n72p2
Targets
Target: 0cfd01603f092d5d793fdd11776c8e6ecb2bd1e48c4254d7efa3942879164861
Score: 10/10
Rhadamanthys
Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Loads dropped DLL
- Suspicious use of SetThreadContext