General
Target: e6b29ed16d0a9ed4d75d45733609b3cd3533b9f319ee54040bc5b867fd5c63cc
Size: 2.3MB
Sample: 240908-cgv7fa1ckg
MD5: 75a6c35fd27bcafcf9240d07fca1213e
SHA1: 99d5af744d3599e07d7a6e1cb82b630713b3b47a
SHA256: e6b29ed16d0a9ed4d75d45733609b3cd3533b9f319ee54040bc5b867fd5c63cc
SHA512: cc835d7d3d92757e531c64e41b0252170922600db9eef6811c3965f45b65954eb56300ad7aa7701129dded7bc53fd5ae584d0406c0817fc8d472583b6f0243d1
SSDEEP: 49152:s+7OQYbVbHigcT4T/K4x6ZJhsBxl1DsQMd+XN/GndMWFVNqTXYy6zBn2ZYDbf/Tm:JebQgcT+/K44GBxlVs1d+9/Gnd5/qrYW
Static task: static1
Behavioral task: behavioral1
  Sample: ad8a68b30eb57f68ac5114c34d84977986b8a1a861ea1510275ca9135ab69c27.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: ad8a68b30eb57f68ac5114c34d84977986b8a1a861ea1510275ca9135ab69c27.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted family: rhadamanthys
C2: https://154.216.19.149:2047/888260cc6af8f/pnmx326i.m7ats
Targets
Target: ad8a68b30eb57f68ac5114c34d84977986b8a1a861ea1510275ca9135ab69c27.exe
Size: 2.4MB
MD5: ee0a93c22584233cc9faf75b7b49bb78
SHA1: a31b0ac14c81447b71524e2815be43d9a55ea9f1
SHA256: ad8a68b30eb57f68ac5114c34d84977986b8a1a861ea1510275ca9135ab69c27
SHA512: 9fab2820bdb0a4e423f66c43105fc1f447d429b6ae525359f0977d034b562ca1a408e728324335f5aced12edd2135660711dd865b3c5fa641b57a02055ee170c
SSDEEP: 49152:+pz3Cy3BkrhfRAXMSxDw7DDCDbNV2ZGomxwF2Nz2k+IsvOYIiPcT:+pey3BkrZRAXMwDuDeh4ZGXeUMSevI9
Score: 10/10
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
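The hashes and the extracted C2 URL above are the indicators a responder would actually pivot on. The following is an added example, not part of the sandbox report and not code from the Rhadamanthys family or the sandbox vendor: it turns those indicators into an offline matcher that recomputes the four digests the report lists for an arbitrary file and scans proxy log lines for the C2 host. The proxy log format (timestamp, client, method, destination, status) and the log lines themselves are constructed for the demonstration. Note the caveat built into the matcher: the C2 is reached over HTTPS, so a non-intercepting proxy only sees a CONNECT to host:port and the URL path (/888260cc6af8f/pnmx326i.m7ats) is never visible; the example therefore matches on the IP and treats the port as a confidence signal rather than a requirement.

```python
"""Offline IOC matcher built from the report above (added example, not report code)."""
import hashlib
from urllib.parse import urlsplit

# Indicators copied from the report: digests of the analysed target and the extracted C2.
REPORT_HASHES = {
    "md5": "ee0a93c22584233cc9faf75b7b49bb78",
    "sha1": "a31b0ac14c81447b71524e2815be43d9a55ea9f1",
    "sha256": "ad8a68b30eb57f68ac5114c34d84977986b8a1a861ea1510275ca9135ab69c27",
    "sha512": "9fab2820bdb0a4e423f66c43105fc1f447d429b6ae525359f0977d034b562ca1a"
              "408e728324335f5aced12edd2135660711dd865b3c5fa641b57a02055ee170c",
}
C2_URL = "https://154.216.19.149:2047/888260cc6af8f/pnmx326i.m7ats"

# Constructed proxy log lines (not real telemetry): ts client method destination status.
PROXY_LOG = """\
2024-09-08T03:12:55Z 10.0.0.21 CONNECT 154.216.19.149:2047 200
2024-09-08T03:12:56Z 10.0.0.21 GET http://example.com/index.html 200
2024-09-08T03:13:02Z 10.0.0.37 CONNECT 154.216.19.149:443 200
2024-09-08T03:13:10Z 10.0.0.44 GET https://154.216.19.149:2047/888260cc6af8f/pnmx326i.m7ats 200
"""


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists so a file can be compared field by field."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def match_hashes(data: bytes, expected: dict = REPORT_HASHES) -> list:
    """Return the names of the digests in `expected` that the given file bytes reproduce."""
    digests = hash_bytes(data)
    return [name for name, value in digests.items() if expected.get(name) == value]


def c2_indicators(url: str) -> dict:
    """Split the extracted C2 URL into the parts a proxy or firewall log can expose."""
    parts = urlsplit(url)
    return {"host": parts.hostname, "port": parts.port, "path": parts.path}


def parse_destination(dest: str) -> tuple:
    """Normalise a log destination (full URL or host:port) to (host, port)."""
    if "://" in dest:
        parts = urlsplit(dest)
        port = parts.port or (443 if parts.scheme == "https" else 80)
        return parts.hostname, port
    if ":" not in dest:
        return dest, None
    host, _, port = dest.rpartition(":")
    return host, int(port) if port.isdigit() else None


def find_c2_connections(log_text: str = PROXY_LOG, url: str = C2_URL) -> list:
    """Flag every log line whose destination host is the C2 IP.

    `exact` is True only when the destination port also matches the extracted
    config (2047); a different port on the same IP is still worth triage.
    """
    ioc = c2_indicators(url)
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed or empty line; skip rather than crash
        ts, client, method, dest, _status = fields[:5]
        host, port = parse_destination(dest)
        if host != ioc["host"]:
            continue
        hits.append({"time": ts, "client": client, "method": method,
                     "port": port, "exact": port == ioc["port"]})
    return hits


if __name__ == "__main__":
    for hit in find_c2_connections():
        print(hit)
```

Point `match_hashes` at the bytes of any file pulled from a host and it reports which of the report's digests it reproduces; an empty list means the file is not this exact sample (a repacked build would change every digest, which is why the SSDEEP value is listed separately and is not matched here).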