General
-
Target
7c86e8c4143be0e27af9558ca46b3b4d7c5bee5e58e18902757bc02f6a3863a2.exe
-
Size
1.5MB
-
Sample
240830-bzt7essdrr
-
MD5
29c6df4f70bc29919dba16a04c08800c
-
SHA1
0c6083da1f78d6d365138cc96724ee7f33b4b7de
-
SHA256
7c86e8c4143be0e27af9558ca46b3b4d7c5bee5e58e18902757bc02f6a3863a2
-
SHA512
30c9c7e62f8cb8d05e3dfcf0c526f9943fb648f91cd156a356550b0be326bde79bcfd638bd8b956577a0b8860eea186a4b80fab1b79deeee6a35515a927db666
-
SSDEEP
49152:ETXLOO0MV8+2vk1rrts0LDAYjNxyBVQEBX9:EV0gVjrrtsMkYBxQVQEBX9
Static task
static1
Behavioral task
behavioral1
Sample
7c86e8c4143be0e27af9558ca46b3b4d7c5bee5e58e18902757bc02f6a3863a2.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
7c86e8c4143be0e27af9558ca46b3b4d7c5bee5e58e18902757bc02f6a3863a2.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
rhadamanthys
https://80.209.243.182:8094/c47580f52cd88a21fb/gb51j2km.kui3h
Targets
-
-
Target
7c86e8c4143be0e27af9558ca46b3b4d7c5bee5e58e18902757bc02f6a3863a2.exe
-
Size
1.5MB
-
MD5
29c6df4f70bc29919dba16a04c08800c
-
SHA1
0c6083da1f78d6d365138cc96724ee7f33b4b7de
-
SHA256
7c86e8c4143be0e27af9558ca46b3b4d7c5bee5e58e18902757bc02f6a3863a2
-
SHA512
30c9c7e62f8cb8d05e3dfcf0c526f9943fb648f91cd156a356550b0be326bde79bcfd638bd8b956577a0b8860eea186a4b80fab1b79deeee6a35515a927db666
-
SSDEEP
49152:ETXLOO0MV8+2vk1rrts0LDAYjNxyBVQEBX9:EV0gVjrrtsMkYBxQVQEBX9
Score10/10-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates processes with tasklist
-
Suspicious use of SetThreadContext
-