General
-
Target
5f58e87fee021cbaa9ecfae2d5f8709bd0934b2d2d2779a8f24993425fb20350.exe
-
Size
1.6MB
-
Sample
241121-pyl2ba1hkh
-
MD5
fa000351e26e17543f67e3dedc97d37e
-
SHA1
c59fc4f489ac15d5a1d455abbf0c3c5ad6fcc189
-
SHA256
5f58e87fee021cbaa9ecfae2d5f8709bd0934b2d2d2779a8f24993425fb20350
-
SHA512
1bf517f2b0d3c156c2850f161f4bedf735361a8951d807b05eeaa711a0720031e545d5dd56f46337f059ef18bea1523ec1f5a5b96e83d6380eb74e6526bd0025
-
SSDEEP
49152:cpUlRhQMnbfKk8QkwCRYhtkp0d0X1zJ5w+ufya5h:cpUlYEfKk8DTROk6dK1l5wF
Static task
static1
Behavioral task
behavioral1
Sample
5f58e87fee021cbaa9ecfae2d5f8709bd0934b2d2d2779a8f24993425fb20350.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
5f58e87fee021cbaa9ecfae2d5f8709bd0934b2d2d2779a8f24993425fb20350.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
rhadamanthys
https://51.75.171.9:5151/9640d96bbead45f349f3ab9/nvkjh5gq.0x2e8
Targets
-
-
Target
5f58e87fee021cbaa9ecfae2d5f8709bd0934b2d2d2779a8f24993425fb20350.exe
-
Size
1.6MB
-
MD5
fa000351e26e17543f67e3dedc97d37e
-
SHA1
c59fc4f489ac15d5a1d455abbf0c3c5ad6fcc189
-
SHA256
5f58e87fee021cbaa9ecfae2d5f8709bd0934b2d2d2779a8f24993425fb20350
-
SHA512
1bf517f2b0d3c156c2850f161f4bedf735361a8951d807b05eeaa711a0720031e545d5dd56f46337f059ef18bea1523ec1f5a5b96e83d6380eb74e6526bd0025
-
SSDEEP
49152:cpUlRhQMnbfKk8QkwCRYhtkp0d0X1zJ5w+ufya5h:cpUlYEfKk8DTROk6dK1l5wF
Score10/10-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Rhadamanthys family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-