General

  • Target

    e6b29ed16d0a9ed4d75d45733609b3cd3533b9f319ee54040bc5b867fd5c63cc

  • Size

    2.3MB

  • Sample

    240908-cgv7fa1ckg

  • MD5

    75a6c35fd27bcafcf9240d07fca1213e

  • SHA1

    99d5af744d3599e07d7a6e1cb82b630713b3b47a

  • SHA256

    e6b29ed16d0a9ed4d75d45733609b3cd3533b9f319ee54040bc5b867fd5c63cc

  • SHA512

    cc835d7d3d92757e531c64e41b0252170922600db9eef6811c3965f45b65954eb56300ad7aa7701129dded7bc53fd5ae584d0406c0817fc8d472583b6f0243d1

  • SSDEEP

    49152:s+7OQYbVbHigcT4T/K4x6ZJhsBxl1DsQMd+XN/GndMWFVNqTXYy6zBn2ZYDbf/Tm:JebQgcT+/K44GBxlVs1d+9/Gnd5/qrYW

Malware Config

Extracted

Family

rhadamanthys

C2

https://154.216.19.149:2047/888260cc6af8f/pnmx326i.m7ats

Targets

    • Target

      ad8a68b30eb57f68ac5114c34d84977986b8a1a861ea1510275ca9135ab69c27.exe

    • Size

      2.4MB

    • MD5

      ee0a93c22584233cc9faf75b7b49bb78

    • SHA1

      a31b0ac14c81447b71524e2815be43d9a55ea9f1

    • SHA256

      ad8a68b30eb57f68ac5114c34d84977986b8a1a861ea1510275ca9135ab69c27

    • SHA512

      9fab2820bdb0a4e423f66c43105fc1f447d429b6ae525359f0977d034b562ca1a408e728324335f5aced12edd2135660711dd865b3c5fa641b57a02055ee170c

    • SSDEEP

      49152:+pz3Cy3BkrhfRAXMSxDw7DDCDbNV2ZGomxwF2Nz2k+IsvOYIiPcT:+pey3BkrZRAXMwDuDeh4ZGXeUMSevI9

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks