General

  • Target

    SetupInstaller(Valo).rar

  • Size

    42.3MB

  • Sample

    241112-2vrtlssgrh

  • MD5

    92aae9b92babefe0a2212191c86424a2

  • SHA1

    3a9f6f56663fc82e0f207ad505c3181aa9483d2d

  • SHA256

    ab5a257da8dcccf5d9f6d018183c2478644e3af67d4c3bb2b3c7096b5f072172

  • SHA512

    47c343e74240cebc74419e3beb2e83b3a71b6b561c934b1766e5a4f98936a285153069c8aec0572c0da9fccfbf9029be00267c7e300e9c8fc5a05719b44e4528

  • SSDEEP

    786432:I94np7m5bJa88oa6l7VQ1LvkWW2sxP4hSOdOQcyrJXhgmVnxq:Pn0b8Z9k5xQmyrLgsxq

Malware Config

Extracted

Family

rhadamanthys

C2

https://185.184.26.10:4928/e4eb12414c95175ccfd/Valorant

Targets

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Rhadamanthys family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist

    • Suspicious use of SetThreadContext
