General

  • Target

    exacid1.exe

  • Size

    1.2MB

  • Sample

    250201-atq25ssnbl

  • MD5

    a408f39cef6236f43de3038325c1797b

  • SHA1

    856066d03ad7faae5dd60d8e9f641fa4fe623b63

  • SHA256

    978de0f64b32068bd7891c870ca55615a9937b3b29b49a5d64dc54382919aca8

  • SHA512

    7ed362d9ddfc10593fc64da4f6392cd7b21155da53ea147c22b6bb913bfc321280228e02b3fc8dc5c7f0c54b878d62acec2d92a4b8a07c1c137ecac938cef6bc

  • SSDEEP

    24576:XBbHHLIXfiCWjNESzV01yB3nDk/5LPIV9hN+EeRmGBlCdXgr:xbVCAHJI/5LwrWvvCdXgr

Malware Config

Targets

    • Detects Rhadamanthys payload

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Rhadamanthys family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (the stealer avoids running in certain countries).

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist
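
      The signatures above are behavioural: each one is a rule matched against the events the sandbox recorded while the sample ran. The following Python script is an added example, not part of this report or of the sandbox's own rule set. It replays a small, constructed event log (file writes, registry reads, process creations and image loads; the paths, the staged file names and the event schema are all assumptions made up for the example) and tags the same four behaviours listed for this sample: a read of the registry country code, execution of a dropped EXE, loading of a dropped DLL, and process enumeration with tasklist. The registry key checked (HKCU\Control Panel\International\Geo) is the standard location of the configured GeoID; that the sandbox's own signature looks at exactly this key is an assumption.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sandbox-style event log for the example (NOT taken from the report).
# Each event is (event_type, acting_process, target).  For process_create and
# image_load the target is the image path; for file_write the path written;
# for registry_read the value path.
SAMPLE_EVENTS = [
    ("process_create", "explorer.exe", "C:\\Users\\user\\Desktop\\exacid1.exe"),
    ("registry_read", "exacid1.exe", "HKCU\\Control Panel\\International\\Geo\\Nation"),
    ("file_write", "exacid1.exe", "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe"),
    ("file_write", "exacid1.exe", "C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll"),
    ("process_create", "exacid1.exe", "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe"),
    ("image_load", "stage2.exe", "C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll"),
    ("process_create", "stage2.exe", "C:\\Windows\\System32\\tasklist.exe"),
]

# Registry location of the configured country (GeoID); assumed to be what the
# "Checks computer location settings" signature keys on.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\", re.IGNORECASE)

# Well-known process-enumeration utility behind "Enumerates processes with tasklist".
PROCESS_ENUM_IMAGES = {"tasklist.exe"}


def classify(events):
    """Map a list of sandbox events to the behavioural signatures they trigger.

    Returns {signature_name: [evidence strings]}.  'Dropped' means a file the
    sample wrote earlier in the same trace; executing or loading such a file
    is the signal for the two 'dropped' signatures.
    """
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths written by the sample so far

    for kind, actor, target in events:
        t = target.lower()
        if kind == "file_write":
            dropped.add(t)
        elif kind == "registry_read" and GEO_KEY_RE.search(target):
            hits["Checks computer location settings"].append(f"{actor} read {target}")
        elif kind == "process_create":
            if ntpath.basename(t) in PROCESS_ENUM_IMAGES:
                hits["Enumerates processes with tasklist"].append(f"{actor} spawned {target}")
            if t in dropped:
                hits["Executes dropped EXE"].append(f"{actor} executed {target}")
        elif kind == "image_load" and t in dropped and t.endswith(".dll"):
            hits["Loads dropped DLL"].append(f"{actor} loaded {target}")

    return dict(hits)


if __name__ == "__main__":
    for name, evidence in classify(SAMPLE_EVENTS).items():
        print(name)
        for line in evidence:
            print("   ", line)
```

      Order matters in this kind of rule: a file has to be written before its execution or loading counts as "dropped", which is why the rule keeps a running set rather than scanning the trace twice. A process_create of tasklist.exe by a benign parent would still fire the enumeration rule, so in a real pipeline the parent chain is what separates the stealer's use from an administrator's.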

MITRE ATT&CK Enterprise v15

Tasks