General
-
Target
ad8a68b30eb57f68ac5114c34d84977986b8a1a861ea1510275ca9135ab69c27.exe
-
Size
2.4MB
-
Sample
240907-b1kdlsycpk
-
MD5
ee0a93c22584233cc9faf75b7b49bb78
-
SHA1
a31b0ac14c81447b71524e2815be43d9a55ea9f1
-
SHA256
ad8a68b30eb57f68ac5114c34d84977986b8a1a861ea1510275ca9135ab69c27
-
SHA512
9fab2820bdb0a4e423f66c43105fc1f447d429b6ae525359f0977d034b562ca1a408e728324335f5aced12edd2135660711dd865b3c5fa641b57a02055ee170c
-
SSDEEP
49152:+pz3Cy3BkrhfRAXMSxDw7DDCDbNV2ZGomxwF2Nz2k+IsvOYIiPcT:+pey3BkrZRAXMwDuDeh4ZGXeUMSevI9
Malware Config
Extracted
rhadamanthys
https://154.216.19.149:2047/888260cc6af8f/pnmx326i.m7ats
Targets
-
-
Target
ad8a68b30eb57f68ac5114c34d84977986b8a1a861ea1510275ca9135ab69c27.exe
-
Size
2.4MB
-
MD5
ee0a93c22584233cc9faf75b7b49bb78
-
SHA1
a31b0ac14c81447b71524e2815be43d9a55ea9f1
-
SHA256
ad8a68b30eb57f68ac5114c34d84977986b8a1a861ea1510275ca9135ab69c27
-
SHA512
9fab2820bdb0a4e423f66c43105fc1f447d429b6ae525359f0977d034b562ca1a408e728324335f5aced12edd2135660711dd865b3c5fa641b57a02055ee170c
-
SSDEEP
49152:+pz3Cy3BkrhfRAXMSxDw7DDCDbNV2ZGomxwF2Nz2k+IsvOYIiPcT:+pey3BkrZRAXMwDuDeh4ZGXeUMSevI9
Score10/10-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-