General
-
Target
AppSetup(Val0Updated).rar
-
Size
79.7MB
-
Sample
250206-scexnaxrex
-
MD5
b254b2593bebe886a63cb85f852d0e68
-
SHA1
0de3dd2f71ad561f35e790aeb875af584a4535fa
-
SHA256
52ee0e34f2e2c814ceb5b59b6fdf9b6f7a86d097e76e73a92085304f62044678
-
SHA512
45b79a11fb6b96ce0f5243d50cd9287dc80c73d8f9d3875fcc06908ad069ac310aacd992d13347ebcdc067c6e36ce329216fb7a5a509e7bd8fbc94416696cdd2
-
SSDEEP
1572864:MVieG6yP2+5w0fZJVHO5nhVKGPQWtDrKwCn0wZaeAfRvDPi51tfcQFIMQ:0ieG6ypu0fjVHuVnRDrKfHVAfBDPiLib
Static task
static1
Behavioral task
behavioral1
Sample
AppSetup(Val0Updated).rar
Resource
win10v2004-20250129-en
Malware Config
Targets
-
-
Target
AppSetup(Val0Updated).rar
-
Size
79.7MB
-
MD5
b254b2593bebe886a63cb85f852d0e68
-
SHA1
0de3dd2f71ad561f35e790aeb875af584a4535fa
-
SHA256
52ee0e34f2e2c814ceb5b59b6fdf9b6f7a86d097e76e73a92085304f62044678
-
SHA512
45b79a11fb6b96ce0f5243d50cd9287dc80c73d8f9d3875fcc06908ad069ac310aacd992d13347ebcdc067c6e36ce329216fb7a5a509e7bd8fbc94416696cdd2
-
SSDEEP
1572864:MVieG6yP2+5w0fZJVHO5nhVKGPQWtDrKwCn0wZaeAfRvDPi51tfcQFIMQ:0ieG6ypu0fjVHuVnRDrKfHVAfBDPiLib
Score10/10-
Detects Rhadamanthys payload
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Rhadamanthys family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates processes with tasklist
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Discovery
Peripheral Device Discovery
1Process Discovery
1Query Registry
3Remote System Discovery
1System Information Discovery
4System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1