General

Target: 670ccb105fa2c7a9d8bdd3c7f6f2699b.exe
Size: 1.7MB
Sample: 240829-glbqtawgpe
MD5: 670ccb105fa2c7a9d8bdd3c7f6f2699b
SHA1: 0e9ac86df0593a944c429a7a3412a5740cf6b4d7
SHA256: b130fe2fceada2a1980b6a0015c1bc1a9c1ee08f6229d99e43de82351da541fa
SHA512: e9d9565ad6aa2c77c94d85dadd83925fc0e7fe83a7d2a7dc15fcedbac09884f39435b8fde30b85f44e0d099e8c632d241e6b8a5979b11e850dc5758d1173cc4e
SSDEEP: 49152:Ayb2BrVCEy/qjqMb08GowuNt3tewvujDP6A7:ALWGFb0fowuNJtDuB
Static task: static1
Behavioral task: behavioral1, sample 670ccb105fa2c7a9d8bdd3c7f6f2699b.exe, resource win7-20240708-en
Behavioral task: behavioral2, sample 670ccb105fa2c7a9d8bdd3c7f6f2699b.exe, resource win10v2004-20240802-en
Malware Config

Extracted: rhadamanthys
C2: https://154.216.18.122:2013/fb9e53a2cacd52/10jt31al.2l6rf
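The extracted C2 is an IP literal on a non-standard TLS port, which shapes how it is usable for detection: there will be no DNS lookup to catch, SNI will typically be empty, and the path segments look per-build, so the durable indicator is destination IP plus port. The following is an added example (not code from the report or from the Rhadamanthys family) that turns the extracted URL into that indicator, matches it against constructed egress log lines in an assumed "ts src dst:port sni=... action" format, and emits a Suricata-style rule with a placeholder sid; the log lines and their format are constructed for the example.

```python
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# The single C2 URL the report extracted from this sample's rhadamanthys config.
RHADAMANTHYS_C2 = "https://154.216.18.122:2013/fb9e53a2cacd52/10jt31al.2l6rf"


@dataclass(frozen=True)
class C2Indicator:
    host: str            # IP literal or hostname from the config
    port: int            # explicit port, or the scheme default
    path: str            # per-build path; weak as a durable indicator
    is_ip_literal: bool  # True -> no DNS lookup will appear in telemetry


def parse_c2(url: str) -> C2Indicator:
    """Split an extracted C2 URL into the pieces a detection actually keys on."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not an http(s) C2 URL: {url!r}")
    port = parts.port if parts.port is not None else (443 if parts.scheme == "https" else 80)
    try:
        ipaddress.ip_address(parts.hostname)
        is_ip = True
    except ValueError:
        is_ip = False
    return C2Indicator(parts.hostname, port, parts.path, is_ip)


# Assumed (constructed) egress log format: "<ts> <src_ip> <dst_ip>:<dst_port> sni=<sni> <action>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>[^:\s]+):(?P<port>\d+) sni=(?P<sni>\S+) (?P<action>\S+)$"
)

# Constructed sample log lines, not taken from the report.
SAMPLE_LOGS = [
    "2024-08-29T10:15:02Z 10.0.0.17 154.216.18.122:2013 sni=- ALLOW",        # hit: C2 IP and port
    "2024-08-29T10:15:03Z 10.0.0.17 154.216.18.122:443 sni=- ALLOW",         # same IP, other port
    "2024-08-29T10:15:04Z 10.0.0.22 93.184.216.34:443 sni=example.com ALLOW",  # unrelated
    "2024-08-29T10:15:09Z 10.0.0.41 154.216.18.122:2013 sni=- DENY",         # hit, already blocked
    "garbage line that does not parse",
]


def match_c2(indicator: C2Indicator, lines, match_port: bool = True) -> list[dict]:
    """Return parsed log records whose destination matches the C2 indicator.

    match_port=False widens the match to every port on the C2 host, which is the
    right setting once the host is confirmed hostile and you want all contacts.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # unparsable line: skip rather than silently match or crash
        if m["dst"] != indicator.host:
            continue
        if match_port and int(m["port"]) != indicator.port:
            continue
        hits.append(m.groupdict())
    return hits


def suricata_rule(indicator: C2Indicator, sid: int = 1000001) -> str:
    """Emit a Suricata rule keyed on destination host and port (sid is a placeholder)."""
    proto = "tls" if indicator.port != 80 else "http"
    return (
        f'alert {proto} $HOME_NET any -> {indicator.host} {indicator.port} '
        f'(msg:"Rhadamanthys C2 contact {indicator.host}:{indicator.port}"; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    ind = parse_c2(RHADAMANTHYS_C2)
    print(ind)
    for hit in match_c2(ind, SAMPLE_LOGS):
        print("C2 contact:", hit["ts"], hit["src"], "->", hit["dst"], hit["port"], hit["action"])
    print(suricata_rule(ind))
```

The port is kept in the default match because a shared or compromised host may carry unrelated traffic on 443; drop it once the host itself is confirmed hostile.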
Targets

Target: 670ccb105fa2c7a9d8bdd3c7f6f2699b.exe (1.7MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10

Rhadamanthys
Rhadamanthys is an info stealer written in C++, first seen in August 2022.

Suspicious use of NtCreateUserProcessOtherParentProcess
A process was created with its parent explicitly set to a process other than the caller, so the child's lineage in process-tree telemetry will not point back at the sample.

Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence. A sample that finds a locale it wants to avoid usually exits before doing anything else, so a quiet run in one locale does not clear the sample.

Executes dropped EXE

Loads dropped DLL

Enumerates processes with tasklist
Runs tasklist.exe to list running processes. tasklist spawned from a non-interactive parent is a cheap hunt, but pair it with the parent-spoofing signature above, since the recorded parent may not be the sample.