Resubmissions

06-02-2025 14:58

250206-scexnaxrex 10

06-02-2025 14:57

250206-sbxfbaxrdv 1

General

  • Target

    AppSetup(Val0Updated).rar

  • Size

    79.7MB

  • Sample

    250206-scexnaxrex

  • MD5

    b254b2593bebe886a63cb85f852d0e68

  • SHA1

    0de3dd2f71ad561f35e790aeb875af584a4535fa

  • SHA256

    52ee0e34f2e2c814ceb5b59b6fdf9b6f7a86d097e76e73a92085304f62044678

  • SHA512

    45b79a11fb6b96ce0f5243d50cd9287dc80c73d8f9d3875fcc06908ad069ac310aacd992d13347ebcdc067c6e36ce329216fb7a5a509e7bd8fbc94416696cdd2

  • SSDEEP

    1572864:MVieG6yP2+5w0fZJVHO5nhVKGPQWtDrKwCn0wZaeAfRvDPi51tfcQFIMQ:0ieG6ypu0fjVHuVnRDrKfHVAfBDPiLib

Malware Config

Targets

    • Detects Rhadamanthys payload

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Rhadamanthys family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks