General

  • Target

    25ab2caba38cdae6ef7cb5568ee3cb58.exe

  • Size

    1.5MB

  • Sample

    240829-glbe2swgpb

  • MD5

    25ab2caba38cdae6ef7cb5568ee3cb58

  • SHA1

    cbb3c6c3ab571cac3e232f3a9b7d7bc6a0107f82

  • SHA256

    d1dae6a275073c722606d35b783b4d176c0d8e0feff6c903c27ab9f0f8d7ab07

  • SHA512

    f6f7177802006a4683a304715cf10ecf136d5a92d483f2e74d4f7c6343e1ceab9edce8e06298efdb636e9d981da7d82673cac13aac6d33c61682f65b95d441da

  • SSDEEP

    49152:V3//ab6w1+NDc1pi4rRkXj1Zeecxam5uV3B3YznIYL+lvQd:V3//ab6I+NDc1Nwj1Zlm57I3pQd

Malware Config

Extracted

Family

rhadamanthys

C2

https://154.216.18.122:2013/fb9e53a2cacd52/gkfd7jdw.l32g6
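The hashes and the extracted C2 URL above are the indicators an analyst actually pivots on. The following Python is an added example, not part of the sandbox report or the stealer's code: it copies the report's digests and C2 URL into a small matcher that hashes a file buffer the way the report does, splits the C2 URL into host, port and path, and scans proxy log lines for the C2 endpoint. The log line format ("client_ip dest_host:dest_port method path") and the log lines themselves are constructed for illustration; the byte string hashed at the end is a placeholder, not the sample.

```python
"""Added example (not from the sandbox report): IOC matcher built from the
report's hashes and C2 URL. Log format and sample lines are constructed."""
import hashlib
from urllib.parse import urlsplit

# Indicators copied verbatim from the report.
REPORT_HASHES = {
    "md5": "25ab2caba38cdae6ef7cb5568ee3cb58",
    "sha1": "cbb3c6c3ab571cac3e232f3a9b7d7bc6a0107f82",
    "sha256": "d1dae6a275073c722606d35b783b4d176c0d8e0feff6c903c27ab9f0f8d7ab07",
    "sha512": "f6f7177802006a4683a304715cf10ecf136d5a92d483f2e74d4f7c6343e1ceab9edce8e06298efdb636e9d981da7d82673cac13aac6d33c61682f65b95d441da",
}
C2_URL = "https://154.216.18.122:2013/fb9e53a2cacd52/gkfd7jdw.l32g6"


def file_hashes(data: bytes) -> dict:
    """Compute the same four digests the report lists, over an in-memory buffer."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report_sample(data: bytes) -> bool:
    """True if any digest of the buffer equals the corresponding report digest."""
    digests = file_hashes(data)
    return any(digests[algo] == value for algo, value in REPORT_HASHES.items())


def c2_indicators(url: str) -> dict:
    """Split the C2 URL into the pieces worth blocking or hunting on separately."""
    parts = urlsplit(url)
    return {"host": parts.hostname, "port": parts.port, "path": parts.path}


def scan_proxy_log(lines, url: str = C2_URL) -> list:
    """Return (line_number, match_kind) for lines that reach the C2 host.

    Assumes a hypothetical "client_ip dest_host:dest_port method path" format.
    A host+port match is the strongest signal; a host-only match is still worth
    a look because the same server may be reused on another port.
    """
    ioc = c2_indicators(url)
    hits = []
    for number, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 2:
            continue
        dest = fields[1]
        host, port = dest.rsplit(":", 1) if ":" in dest else (dest, "")
        if host != ioc["host"]:
            continue
        if port.isdigit() and int(port) == ioc["port"]:
            hits.append((number, "host+port"))
        else:
            hits.append((number, "host-only"))
    return hits


# Constructed log lines for illustration; these are not from the report.
SAMPLE_LOG = [
    "10.0.0.12 update.example.test:443 GET /index.html",
    "10.0.0.25 154.216.18.122:2013 POST /fb9e53a2cacd52/gkfd7jdw.l32g6",
    "10.0.0.25 154.216.18.122:443 GET /",
]

if __name__ == "__main__":
    print(c2_indicators(C2_URL))
    for number, kind in scan_proxy_log(SAMPLE_LOG):
        print(f"line {number}: {kind} match on C2 host")
    # Placeholder buffer, not the real sample, so this prints False.
    print(matches_report_sample(b"not the sample"))
```

Matching on the host alone, as well as on host and port, reflects how these indicators age: the path and port in an extracted Rhadamanthys config are specific to one build, while the hosting IP tends to outlive them.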

Targets

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcess with OtherParentProcess

      Creates a process with an explicitly supplied parent handle (parent PID spoofing), so the new process is not shown as a child of the dropper in the process tree.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist
