General

Target: lnvoice-1712456537.pdf .js
Size: 80KB
Sample: 241117-jnpfssyram
MD5: 5eed57a36b459c29a10dbc8458493a26
SHA1: 4be4299dc346dc3499adb4b01edd09b339d858a4
SHA256: cd4caace5e85b095654b499c34414a1d839ff30bf910993c3ebcdc1fbd9ff2bf
SHA512: 59192b7d17198bf257fe8de35ce9523f61a7eb8495647a784f6b386dfbf60642c5109bc37bccb580e71047d556a5ebf86e7943efe57d9f06c4435e57846732d2
SSDEEP: 768:rZQ0foU+Ui73GNNUZZQSYsVxU4Ua4UYdIMfVkArv6rAHcVxEBxVNoYdDBHBqabPg:oC1l2unjA06
Static task: static1

Behavioral task: behavioral1
Sample: lnvoice-1712456537.pdf .js
Resource: win7-20241023-en

Behavioral task: behavioral2
Sample: lnvoice-1712456537.pdf .js
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: lnvoice-1712456537.pdf .js
Score: 10/10
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.

- Rhadamanthys family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Deletes itself
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext