General
-
Target
Bootstrapperx-64.exe
-
Size
3.3MB
-
Sample
250204-qljk4aynan
-
MD5
38c66e9633c76cb1cf97f64b50c2a70f
-
SHA1
11266ac4127867d1524186c54c64783d62ff1f5f
-
SHA256
d4fdddf67ad137ecda25132a0c4e7eeeae875b6d549aad40193f8a05031c32a2
-
SHA512
15509f36935bf30eb9a47a8fea2463228b8d783c29c408d4c1e3071c067e14a9f2ba5349e84e1e196adf1dc7ff3569bc9693dc4898c1cc7b1c794cca16be0604
-
SSDEEP
49152:KSC9PLwyVeNnaJnue+3U9Saf22bHRkfC+fguSYh+BD3xz/9M5hrSkrX:ZCiN4uzU0afvbACQ3EVz9M5t
Malware Config
Targets
-
-
Target
Bootstrapperx-64.exe
-
Size
3.3MB
-
MD5
38c66e9633c76cb1cf97f64b50c2a70f
-
SHA1
11266ac4127867d1524186c54c64783d62ff1f5f
-
SHA256
d4fdddf67ad137ecda25132a0c4e7eeeae875b6d549aad40193f8a05031c32a2
-
SHA512
15509f36935bf30eb9a47a8fea2463228b8d783c29c408d4c1e3071c067e14a9f2ba5349e84e1e196adf1dc7ff3569bc9693dc4898c1cc7b1c794cca16be0604
-
SSDEEP
49152:KSC9PLwyVeNnaJnue+3U9Saf22bHRkfC+fguSYh+BD3xz/9M5hrSkrX:ZCiN4uzU0afvbACQ3EVz9M5t
Score10/10-
Detects Rhadamanthys payload
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Rhadamanthys family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates processes with tasklist
-
Suspicious use of SetThreadContext
-