General
-
Target
exacid1.exe
-
Size
1.2MB
-
Sample
250201-atq25ssnbl
-
MD5
a408f39cef6236f43de3038325c1797b
-
SHA1
856066d03ad7faae5dd60d8e9f641fa4fe623b63
-
SHA256
978de0f64b32068bd7891c870ca55615a9937b3b29b49a5d64dc54382919aca8
-
SHA512
7ed362d9ddfc10593fc64da4f6392cd7b21155da53ea147c22b6bb913bfc321280228e02b3fc8dc5c7f0c54b878d62acec2d92a4b8a07c1c137ecac938cef6bc
-
SSDEEP
24576:XBbHHLIXfiCWjNESzV01yB3nDk/5LPIV9hN+EeRmGBlCdXgr:xbVCAHJI/5LwrWvvCdXgr
Static task
static1
Behavioral task
behavioral1
Sample
exacid1.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
exacid1.exe
Resource
win10v2004-20250129-en
Malware Config
Targets
-
-
Target
exacid1.exe
-
Size
1.2MB
-
MD5
a408f39cef6236f43de3038325c1797b
-
SHA1
856066d03ad7faae5dd60d8e9f641fa4fe623b63
-
SHA256
978de0f64b32068bd7891c870ca55615a9937b3b29b49a5d64dc54382919aca8
-
SHA512
7ed362d9ddfc10593fc64da4f6392cd7b21155da53ea147c22b6bb913bfc321280228e02b3fc8dc5c7f0c54b878d62acec2d92a4b8a07c1c137ecac938cef6bc
-
SSDEEP
24576:XBbHHLIXfiCWjNESzV01yB3nDk/5LPIV9hN+EeRmGBlCdXgr:xbVCAHJI/5LwrWvvCdXgr
Score10/10-
Detects Rhadamanthys payload
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Rhadamanthys family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates processes with tasklist
-