General
-
Target
0f5bb32071eaf08c67724f035ccd16c7a7d0eff091813698695528f77441f8c2.exe.vir
-
Size
155.7MB
-
Sample
241126-e5xraa1mcq
-
MD5
1a14c2f212e54dcce5c9cdbe82ea2ac9
-
SHA1
aa4347a2f7c415f4c6dab663a1645c59513912db
-
SHA256
0f5bb32071eaf08c67724f035ccd16c7a7d0eff091813698695528f77441f8c2
-
SHA512
6b4950cecfa7993ce22b87d15cc8d9e8563319c4c3ec9dc8b6488c7d8d78aa4247febd7a468fbe9e4d7716aca705a29c101b7ed4b36e8d6039e5497994991fd6
-
SSDEEP
3145728:Xm/kfnZZRUWXNShZNxlb3oeUFRGp/K3GgUCoQKAQ6h398AWXNOQ14BDndvdXa:VnTLXwXNf4eUSJK39U8KAQ6hN8AW9H1x
Behavioral task
behavioral1
Sample
0f5bb32071eaf08c67724f035ccd16c7a7d0eff091813698695528f77441f8c2.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0f5bb32071eaf08c67724f035ccd16c7a7d0eff091813698695528f77441f8c2.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Score
10/10
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Rhadamanthys family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-