General
-
Target
6ea2b5143078d89828fbcb105b90a693.exe
-
Size
13.8MB
-
Sample
240829-glxy2swgrd
-
MD5
6ea2b5143078d89828fbcb105b90a693
-
SHA1
dbfe2845b56a4eaa60015dc001162c3023158d21
-
SHA256
84fa854d9295a49125aaa8faeb5f5a75f7d133dbbfb4831430e20d5d3dc417ac
-
SHA512
bffbbfb1c62d3ebadc3977d591c052d54289bc4b4348afe7c0096f9d1b709461fb66f3c8ede5a29670847b344364d1b33651807c83ab8f8c2c6f0f9f27e34f47
-
SSDEEP
393216:saawEVI99NrEPFn6JdXG1w2fIVtRGpFI0+mdkO0pGYIg:saGaPce218VtRG7vTkO0cM
Behavioral task
behavioral1
Sample
6ea2b5143078d89828fbcb105b90a693.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
6ea2b5143078d89828fbcb105b90a693.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
⌚/stepao.exe
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
⌚/stepao.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
⌚/withrobot.exe
Resource
win7-20240729-en
Behavioral task
behavioral6
Sample
⌚/withrobot.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
rhadamanthys
https://147.45.47.72/9fcc2685c3ccafd/bkqam9uj.vgdc6
Targets
-
-
Target
6ea2b5143078d89828fbcb105b90a693.exe
-
Size
13.8MB
-
MD5
6ea2b5143078d89828fbcb105b90a693
-
SHA1
dbfe2845b56a4eaa60015dc001162c3023158d21
-
SHA256
84fa854d9295a49125aaa8faeb5f5a75f7d133dbbfb4831430e20d5d3dc417ac
-
SHA512
bffbbfb1c62d3ebadc3977d591c052d54289bc4b4348afe7c0096f9d1b709461fb66f3c8ede5a29670847b344364d1b33651807c83ab8f8c2c6f0f9f27e34f47
-
SSDEEP
393216:saawEVI99NrEPFn6JdXG1w2fIVtRGpFI0+mdkO0pGYIg:saGaPce218VtRG7vTkO0cM
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Creates new service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
-
-
Target
⌚/stepao.exe
-
Size
423KB
-
MD5
7313e7456fbaf0d2554570c77897abf1
-
SHA1
850e156c7b58ab4b7ae5eedc0c8a396d33930d3d
-
SHA256
2fc82bf903409c53ed2b488b7920be9df0c60835d12bb21c45c27384e4a1ff38
-
SHA512
62cdd0914b5c150f615c2f7e56e5f106308387d9ef4d045a54e4f32280d6abbfefb1ace4ad7123881e437567df5566ff0c872555df913d534ebf43c56c8d6cd0
-
SSDEEP
6144:YAYM3ZEWqf/qwPF7LR5W8ZJ74zmRiOFBbMh9q/JSl3ChNeK06iiRzmi0F9:YWBqf/qq3R5W8ZB4zmRzbaYsViRUF9
Score1/10 -
-
-
Target
⌚/withrobot.exe
-
Size
14.8MB
-
MD5
02071fe1b9c8d6ade8dafa0a71600503
-
SHA1
5b547e72386e43c291bceea5b7d0e8f51469cd3c
-
SHA256
00c32e90c14f9c866a30256c8499e753397c7385e4a3fbcdc86515b9ee563faf
-
SHA512
1c4b1c1cb788f08dea954b795d4e0bbd7c028aa5655ce23af805243d06d1c96ef687b0788343182c1d0307e9c76088e4d53e4506e5a4f8d1707001e6549b487a
-
SSDEEP
393216:9kmzxXRKFz5EKqq7EBCuE/FFicGW8bBekvN:97xXRKFdlP9ijbBvv
Score1/10 -