General
Target: SetupInstaller(Valo).rar
Size: 42.3MB
Sample: 241112-2vrtlssgrh
MD5: 92aae9b92babefe0a2212191c86424a2
SHA1: 3a9f6f56663fc82e0f207ad505c3181aa9483d2d
SHA256: ab5a257da8dcccf5d9f6d018183c2478644e3af67d4c3bb2b3c7096b5f072172
SHA512: 47c343e74240cebc74419e3beb2e83b3a71b6b561c934b1766e5a4f98936a285153069c8aec0572c0da9fccfbf9029be00267c7e300e9c8fc5a05719b44e4528
SSDEEP: 786432:I94np7m5bJa88oa6l7VQ1LvkWW2sxP4hSOdOQcyrJXhgmVnxq:Pn0b8Z9k5xQmyrLgsxq
Static task: static1
Behavioral task: behavioral1
  Sample: SetupInstaller(Valo).rar
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: SetupInstaller(Valo).rar
  Resource: win10v2004-20241007-en
Malware Config
Extracted: rhadamanthys
https://185.184.26.10:4928/e4eb12414c95175ccfd/Valorant
Targets
Score: 10/10
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Rhadamanthys family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates processes with tasklist
- Suspicious use of SetThreadContext