Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
13-09-2024 07:25
Behavioral task
behavioral1
Sample
528f6c8f0c5d2399ea77e134bb4b4ab72883b4a8abe45e51dcef0e4abce0ce7e.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
528f6c8f0c5d2399ea77e134bb4b4ab72883b4a8abe45e51dcef0e4abce0ce7e.exe
Resource
win10v2004-20240802-en
General
-
Target
528f6c8f0c5d2399ea77e134bb4b4ab72883b4a8abe45e51dcef0e4abce0ce7e.exe
-
Size
448KB
-
MD5
3b2ed8806b436e170c3576b528635a46
-
SHA1
64ff3f68fd0d657cd8bd4a8088d211f58c32a96d
-
SHA256
528f6c8f0c5d2399ea77e134bb4b4ab72883b4a8abe45e51dcef0e4abce0ce7e
-
SHA512
9a9995d92211969e54b93b013c282c51022cfdba25fb0b583730c662d254fdf29767dee8da28026a5f75ac0e9975e5c7389e6437b464217623a9dc28aa9f0bb9
-
SSDEEP
6144:nC5hyUR+MhyfUj6qfoEXYfIrvQ/zabJzYbLkBWBXpMcwLbjJgSqtUg83T36XE24r:v+BoEmID/mQmpMcmSSIU16XE2e5L
Malware Config
Extracted
rhadamanthys
https://deadmunky.nl:5403/68efc67ee981034e6b329438/4erkxm8j.nrqet
Signatures
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
528f6c8f0c5d2399ea77e134bb4b4ab72883b4a8abe45e51dcef0e4abce0ce7e.exe
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: 528f6c8f0c5d2399ea77e134bb4b4ab72883b4a8abe45e51dcef0e4abce0ce7e.exe