General
Target: SetupInstaller(Full).rar
Size: 85.2MB
Sample: 240906-nsmvzstfkq
MD5: cdaaf34d010d32806f01617dd4a2f079
SHA1: 346a44d9ad9b6584d7b8fc4536564fa90070b7c8
SHA256: 043eac1976cb1b44d8fedd0af9b116fc82d45366cd70506b243dd1105152ffd1
SHA512: de850416ff27dec4cf680812e864bd012e059a113e0520900753e9ced9a6c313b714577b4ebbfb2fe34a66e91c42039a21a6ab7cad9e7a5085447be56b12a49e
SSDEEP: 1572864:n5xsmKH/GYht/1n+veJWqazx4G9SbQEIoHhsQVrXx:zXYh3cqtJ06HhsYV
Static task: static1
Behavioral task: behavioral1
  Sample: Setup_Installer.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: Setup_Installer.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted: rhadamanthys
https://185.184.26.10:4928/e4eb12414c95175ccfd/Other4
Targets
Target: Setup_Installer.exe
Size: 74.9MB
MD5: 707c20a0de59fe418045e8cb90e4e8f9
SHA1: a1404eb652921a2808781cf09daecc363dbf5010
SHA256: 589b622872cef5c5ca4af70a9bba031ee462e555e83213bd73c7511af550e417
SHA512: de4f99b62cd02d02cb4f4ebc65078860a6c43293f1b9f1e2e88caf7ceb8c6b690b6adcca013568e721b4986a068ac22c51a20499d6f41c1fa8ab5b3030754269
SSDEEP: 1572864:Whw53fhw53fhw53fhw53fhw53fhw53fhw53:beeeeee
Score: 10/10
Rhadamanthys
Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext