General
-
Target
ea08a3b22d711a703d4932a3f0fb693d6faadbd6ad5d87ec7938784c36fb553a.exe
-
Size
3.9MB
-
Sample
240906-jbaf4stgpc
-
MD5
46cf6b1946429c912fe569ce4b5e8a10
-
SHA1
d7e0240a1a4d021800ccc9ace9fdb310ffa63052
-
SHA256
ea08a3b22d711a703d4932a3f0fb693d6faadbd6ad5d87ec7938784c36fb553a
-
SHA512
29a1f0c35f6d8beaa3941c120d01b255933edc7b4b7c6f21267ce19d2678ee868ade3e2c1e476704a22acfc0a13b627c755ad474eb960a17cd7725665adeeacf
-
SSDEEP
98304:sfUbmfIe1hxCTvblT3gbG3WfaWLUMxSZNOWfhL:sfUyzSTBgyGslhL
Static task
static1
Behavioral task
behavioral1
Sample
ea08a3b22d711a703d4932a3f0fb693d6faadbd6ad5d87ec7938784c36fb553a.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ea08a3b22d711a703d4932a3f0fb693d6faadbd6ad5d87ec7938784c36fb553a.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
rhadamanthys
https://89.117.152.231:443/e0bd9c1f4515facb49/gj28n35o.2n73x
Targets
Target
ea08a3b22d711a703d4932a3f0fb693d6faadbd6ad5d87ec7938784c36fb553a.exe
Score
10/10
Rhadamanthys
Rhadamanthys is an info stealer written in C++, first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-