General
-
Target
Software_Setup.exe
-
Size
74.9MB
-
Sample
240914-yb6a4ssapp
-
MD5
707c20a0de59fe418045e8cb90e4e8f9
-
SHA1
a1404eb652921a2808781cf09daecc363dbf5010
-
SHA256
589b622872cef5c5ca4af70a9bba031ee462e555e83213bd73c7511af550e417
-
SHA512
de4f99b62cd02d02cb4f4ebc65078860a6c43293f1b9f1e2e88caf7ceb8c6b690b6adcca013568e721b4986a068ac22c51a20499d6f41c1fa8ab5b3030754269
-
SSDEEP
1572864:Whw53fhw53fhw53fhw53fhw53fhw53fhw53:beeeeee
Static task
static1
Behavioral task
behavioral1
Sample
Software_Setup.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Software_Setup.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
rhadamanthys
https://185.184.26.10:4928/e4eb12414c95175ccfd/Other4
Targets
-
Target
Software_Setup.exe
-
Score
10/10
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-