General
-
Target
25ab2caba38cdae6ef7cb5568ee3cb58.exe
-
Size
1.5MB
-
Sample
240829-glbe2swgpb
-
MD5
25ab2caba38cdae6ef7cb5568ee3cb58
-
SHA1
cbb3c6c3ab571cac3e232f3a9b7d7bc6a0107f82
-
SHA256
d1dae6a275073c722606d35b783b4d176c0d8e0feff6c903c27ab9f0f8d7ab07
-
SHA512
f6f7177802006a4683a304715cf10ecf136d5a92d483f2e74d4f7c6343e1ceab9edce8e06298efdb636e9d981da7d82673cac13aac6d33c61682f65b95d441da
-
SSDEEP
49152:V3//ab6w1+NDc1pi4rRkXj1Zeecxam5uV3B3YznIYL+lvQd:V3//ab6I+NDc1Nwj1Zlm57I3pQd
Static task
static1
Behavioral task
behavioral1
Sample
25ab2caba38cdae6ef7cb5568ee3cb58.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
25ab2caba38cdae6ef7cb5568ee3cb58.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
rhadamanthys
https://154.216.18.122:2013/fb9e53a2cacd52/gkfd7jdw.l32g6
Targets
-
-
Target
25ab2caba38cdae6ef7cb5568ee3cb58.exe
-
Size
1.5MB
-
MD5
25ab2caba38cdae6ef7cb5568ee3cb58
-
SHA1
cbb3c6c3ab571cac3e232f3a9b7d7bc6a0107f82
-
SHA256
d1dae6a275073c722606d35b783b4d176c0d8e0feff6c903c27ab9f0f8d7ab07
-
SHA512
f6f7177802006a4683a304715cf10ecf136d5a92d483f2e74d4f7c6343e1ceab9edce8e06298efdb636e9d981da7d82673cac13aac6d33c61682f65b95d441da
-
SSDEEP
49152:V3//ab6w1+NDc1pi4rRkXj1Zeecxam5uV3B3YznIYL+lvQd:V3//ab6I+NDc1Nwj1Zlm57I3pQd
Score10/10-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates processes with tasklist
-