General

Target: 3e02b3d41bd5b9895c35ead20c21921ff158f3d3d28ed92c9b6f4d3643e71fb8.zip
Size: 9KB
Sample: 241117-xphxasweqe
MD5: 91ed216498f668aefa04cefd48a85e0a
SHA1: 4ccda17a8f6980b681d0ec224bec3d880a58c01b
SHA256: 0eef2b5a8170a8d109dcb1851cace3aff5748da48f01b853d45a7f6ece6fe614
SHA512: e1362848ce3d35be17014853652d5edd4e43b991391faffbd7351af840ded0bcc7153e2758470265c7ffb6041d8eb84b1fe3b11307fd98f40751340f63973a31
SSDEEP: 192:dDHzbVzQJRYbSNfZdvdhz2iFnDIZNAd0W1vv1EFKaBV6FjKOfVw9c:dDvtiR0SN7vdhz2iFnDILwJvvSNaWOt
Behavioral task

Task: behavioral1
Sample: 3e02b3d41bd5b9895c35ead20c21921ff158f3d3d28ed92c9b6f4d3643e71fb8.pdf
Resource: win10ltsc2021-20241023-en
Malware Config

Targets

Target: 3e02b3d41bd5b9895c35ead20c21921ff158f3d3d28ed92c9b6f4d3643e71fb8.pdf
Size: 56KB
MD5: d8373d0c9a16e907776812b0428bdec6
SHA1: da1d4769a037a7a2a18d70ab9341d44473524c11
SHA256: 3e02b3d41bd5b9895c35ead20c21921ff158f3d3d28ed92c9b6f4d3643e71fb8
SHA512: 7960817b0185b1d231a12c0fb8ad10e3ca24189b64f40c6cab6298497637dcb69bfafe98ec838da961043e83fafc7b91d1c5e9963f23c30562cbda79bfbd6e19
SSDEEP: 192:rEkcq9U4pvJrxE1gRsFP2HrCN0yBXSduJvYj3djRS42+OHpKeXo4d0pZ6X8Nw8PU:rnS46ppGue5T2GnZ6MG8P9u
Signatures

- Rhadamanthys
  Rhadamanthys is an information stealer written in C++, first seen in August 2022.
- Rhadamanthys family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- A potential corporate email address has been identified in the URL: [email protected]
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
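The "Adds Run key to start application" signature above is the persistence step most hosts can actually catch with telemetry. As an added example (not part of this report, and not code from the sandbox or from any Rhadamanthys analysis), the script below flags registry value writes to the Run/RunOnce autostart locations and rates higher those whose launch target sits under a user-writable directory. The input is a handful of constructed Sysmon-style RegistryEvent records (EventType/Image/TargetObject/Details fields), not telemetry from this run; the msiexec.exe allowlist entry is an assumption to tune per environment.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Registry paths that launch a program at logon. Covers HKCU/HKLM/HKU\<SID>
# and the Wow6432Node mirror; the final component is the value name.
AUTORUN_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"(?:Run|RunOnce|RunOnceEx|RunServices|RunServicesOnce)\\[^\\]+$",
    re.IGNORECASE,
)

# Launch targets under user-writable or staging directories rate "high".
USER_WRITABLE_RE = re.compile(
    r"(\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\|\\Downloads\\)",
    re.IGNORECASE,
)

# Assumed allowlist: installers that legitimately write Run values. Tune per estate.
ALLOWLIST_IMAGES = {r"c:\windows\system32\msiexec.exe"}


@dataclass(frozen=True)
class Finding:
    utc_time: str
    image: str
    target: str
    details: str
    severity: str


def parse_event(line: str) -> dict:
    """Parse one constructed 'Key: Value | Key: Value' record into a dict."""
    fields = {}
    for part in line.split(" | "):
        key, _, value = part.partition(": ")
        fields[key.strip()] = value.strip()
    return fields


def classify(event: dict) -> Optional[Finding]:
    """Return a Finding for a non-allowlisted SetValue on an autorun path, else None."""
    if event.get("EventType") != "SetValue":
        return None
    target = event.get("TargetObject", "")
    if not AUTORUN_RE.search(target):
        return None
    image = event.get("Image", "")
    if image.lower() in ALLOWLIST_IMAGES:
        return None
    details = event.get("Details", "")
    severity = "high" if USER_WRITABLE_RE.search(details) else "medium"
    return Finding(event.get("UtcTime", ""), image, target, details, severity)


def scan(lines: Iterable[str]) -> List[Finding]:
    """Run classify() over every non-empty record and collect the findings."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        finding = classify(parse_event(line))
        if finding:
            findings.append(finding)
    return findings


# Constructed sample records (not from the sandbox run on this page).
SAMPLE_EVENTS = [
    # Loader in Temp writes a Run value pointing at a copy in AppData: expect "high".
    r"EventType: SetValue | UtcTime: 2024-11-17 10:21:05.331 | Image: C:\Users\victim\AppData\Local\Temp\update.exe | TargetObject: HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\OneDriveUpdate | Details: C:\Users\victim\AppData\Roaming\svc\update.exe",
    # Installer writing a machine-wide Run value: allowlisted image, no finding.
    r"EventType: SetValue | UtcTime: 2024-11-17 10:22:40.002 | Image: C:\Windows\System32\msiexec.exe | TargetObject: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent | Details: C:\Program Files\Vendor\agent.exe",
    # Unrelated Explorer setting under CurrentVersion: not an autorun path.
    r"EventType: SetValue | UtcTime: 2024-11-17 10:23:01.700 | Image: C:\Windows\explorer.exe | TargetObject: HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden | Details: DWORD (0x00000001)",
    # Removing a Run value is not persistence being established.
    r"EventType: DeleteValue | UtcTime: 2024-11-17 10:24:15.010 | Image: C:\Windows\regedit.exe | TargetObject: HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\OldAgent | Details: ",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.utc_time} {f.image} -> {f.target} = {f.details}")
```

Only the first record produces a finding: the write comes from an image in Temp and points the Run value at an executable under AppData, which is the shape a stealer's persistence usually takes. Whatever value name the sample chose is irrelevant to the rule; it keys on the autorun path and the launch target, so it survives renaming.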