General
-
Target
4cde8dc79397be32711a5bd4e410d0f8.dll
-
Size
6.2MB
-
Sample
240829-glxnaaydrl
-
MD5
4cde8dc79397be32711a5bd4e410d0f8
-
SHA1
65c41f0f6b814e21707a263c64cd4f36bca9afd1
-
SHA256
35b10e20e02dd63651ba1d67b48147c0b6f916f54a4dc1b8c3b2946f37aa337e
-
SHA512
f6bfa6e4ef3f5b5876b6756013dfd2d9faf4bcd8d795257f6ed48c4223830931fd50b84039ce4838564cf5b47127f6aee26bf5cddfc2fcfd35b538ba87071054
-
SSDEEP
49152:zChvv6FzlQKxCjGj+Vd4OscisICzSHgz/1ooOEO3/8CJtQmqFkCn3sSJ5hp6A0+a:zChvydfkj2m4WIG/1Iv4PekkkdH+F
Static task
static1
Behavioral task
behavioral1
Sample
4cde8dc79397be32711a5bd4e410d0f8.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
4cde8dc79397be32711a5bd4e410d0f8.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
rhadamanthys
https://15.235.176.166:8344/ecda3896be16ad7255/wp7s4npg.mmar7
Targets
-
-
Target
4cde8dc79397be32711a5bd4e410d0f8.dll
-
Size
6.2MB
-
MD5
4cde8dc79397be32711a5bd4e410d0f8
-
SHA1
65c41f0f6b814e21707a263c64cd4f36bca9afd1
-
SHA256
35b10e20e02dd63651ba1d67b48147c0b6f916f54a4dc1b8c3b2946f37aa337e
-
SHA512
f6bfa6e4ef3f5b5876b6756013dfd2d9faf4bcd8d795257f6ed48c4223830931fd50b84039ce4838564cf5b47127f6aee26bf5cddfc2fcfd35b538ba87071054
-
SSDEEP
49152:zChvv6FzlQKxCjGj+Vd4OscisICzSHgz/1ooOEO3/8CJtQmqFkCn3sSJ5hp6A0+a:zChvydfkj2m4WIG/1Iv4PekkkdH+F
Score10/10-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-