Overview

Per-task scores:
Overview: 10/10
Static: 3/10
bootstrap/...er.exe (windows7-x64): 10/10
bootstrap/...er.exe (windows10-2004-x64): 10/10
bootstrap/...64.dll (windows7-x64): 1/10
bootstrap/...64.dll (windows10-2004-x64): 1/10
bootstrap/...10.dll (windows7-x64): 1/10
bootstrap/...10.dll (windows10-2004-x64): 8/10
bootstrap/...11.dll (windows7-x64): 1/10
bootstrap/...11.dll (windows10-2004-x64): 8/10
bootstrap/...64.dll (windows7-x64): 10/10
bootstrap/...64.dll (windows10-2004-x64): 10/10

General
Target: bootstrap.zip
Size: 2.4MB
Sample: 250209-1fltdatlfl
MD5: 5034fdeaadb6602397f057c0bd921976
SHA1: bf440e0021484e5f97d360f17c440b370f02a72f
SHA256: a18fb19c7e1e805155fdd956e00046c6e492fce5b07aa1e21b688758ff8dbb22
SHA512: 3c862be09552b1ce75940f329c459908aa0948f31844cb5168305271bd4ba6b18a0567d682f778520b3a29bcbd99e801dd64ef96774f604a9f6e7662c78c052a
SSDEEP: 49152:YLkYF7Yh7tFZi+lNbhMlUbY+EKJAUo9FylgWK9TLX9vGPzXNwHVD15w+Dhi:z6GPb/8+EKOUiFZWKFzgzdw1BVi
Static task: static1
Behavioral task: behavioral1 (Sample: bootstrap/bootstrapper.exe; Resource: win7-20240729-en)
Behavioral task: behavioral2 (Sample: bootstrap/bootstrapper.exe; Resource: win10v2004-20250207-en)
Behavioral task: behavioral3 (Sample: bootstrap/tier0_s64.dll; Resource: win7-20241010-en)
Behavioral task: behavioral4 (Sample: bootstrap/tier0_s64.dll; Resource: win10v2004-20250129-en)
Behavioral task: behavioral5 (Sample: bootstrap/vcruntime210.dll; Resource: win7-20241010-en)
Behavioral task: behavioral6 (Sample: bootstrap/vcruntime210.dll; Resource: win10v2004-20250207-en)
Behavioral task: behavioral7 (Sample: bootstrap/vcruntime211.dll; Resource: win7-20240903-en)
Behavioral task: behavioral8 (Sample: bootstrap/vcruntime211.dll; Resource: win10v2004-20250207-en)
Behavioral task: behavioral9 (Sample: bootstrap/vstdlib_s64.dll; Resource: win7-20240903-en)
Behavioral task: behavioral10 (Sample: bootstrap/vstdlib_s64.dll; Resource: win10v2004-20250207-en)
Malware Config

Targets

Target: bootstrap/bootstrapper.exe
Size: 633KB
MD5: a3d33d33f8b10595c252ee8e61a8892c
SHA1: f8bf529297b99ebdd0d6214a1a8a20bffb1bd875
SHA256: fe0c0a5da033e86e09a721070bb2e1116a28160aaffd803b8e65a57ed25e62c1
SHA512: 5a8d8cfcb0ad0e73ce3a4ca2d23a8cb55216f97b1d4f490b3a7beee963e494e8c122fd7ec70a32eef8c1eb9b6b4e86da4cf2207beba6324d70fada7c36303bf0
SSDEEP: 6144:pe3DUlId51RnG/LXJKIA5ZaPLi+bWVSBKtnfuvOVYER0u+GIIIIIIIhIIIIIIIIB:M3DkId5HnWLXMJABWVbnf/Vjm5a/s
Score: 10/10
- Detects Rhadamanthys payload
- Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Rhadamanthys family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Enumerates VirtualBox registry keys
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare services registry key
- Uses the VBS compiler for execution
- Downloads MZ/PE file
- Suspicious use of SetThreadContext
Target: bootstrap/tier0_s64.dll
Size: 410KB
MD5: 328655e0f2611479a90db044ab130373
SHA1: d678fd28927f05bde277bc3dc5fc51e2b4dce8b8
SHA256: 586a9c2a27e906a54182166ec63a02bb6a28eb4e2e7e53a799db928b76fd036d
SHA512: 8849dbfa9406c94b9750a6771ba391be95d8b41c53f19f446be92f4f22633975aa7d11b999e9f25b93bc682173ad6e4993486a2ec51c7475046db8daf9b1ebc2
SSDEEP: 6144:3gOdWrN3L9iopicrVgNSpmbY+fNo809MmbtkrFCwXNmGzZ4gs7T3D3WG8dvB4h:3gOG3LEopVqYG2809DKriGzZ4g2rWwh
Score: 1/10
Target: bootstrap/vcruntime210.dll
Size: 32KB
MD5: e662eaedcdc123e8faa800badf9eb2d8
SHA1: 7b5c740dac76bfe48e9b91820e8c0137a3478cb7
SHA256: 6b9e9771c45824f7a04dde94b30b212d616faf7d9fec03a18a4a5c1e06d6b19d
SHA512: 8061425b994543d74ae308431d798242898504f3183c801e9abbebf7def63f4fc4a07732b514e757f28711ff1fc9964fcf131b4834fd1af194f55dc0f863697a
SSDEEP: 768:+E79U1OB0sxNInu6Vc+IlnNS5jswblqkla0j1m4mOluNZwGF:+EZEOqsDIu1ffSpswxla0j1m+W
Score: 8/10
- Downloads MZ/PE file
Target: bootstrap/vcruntime211.dll
Size: 439KB
MD5: e30e4d056fb726388e190ba5cbc6ac85
SHA1: 46adc2f5aec2dfb5f62ccedcd8f42974f3e010e0
SHA256: 86789151628c866cc415e4b218b96371cb294dc49907c30be2289b74e0a46f3c
SHA512: d667d715d132cd28ccc50d9dc2b960f5a57a28742af5f8de36ececfa339ac581fcf6ec93531da380e452c33bc39fa2e7beb5199af6915c47d42fa30c1a2f682c
SSDEEP: 12288:RwnSZEKjeR/btgR8SiE5XuQiG3vkCHb+YH:RwnS+I75r58CP
Score: 8/10
- Downloads MZ/PE file
Target: bootstrap/vstdlib_s64.dll
Size: 3.2MB
MD5: 2af311d5fdb8df6250ee6681edea15bb
SHA1: 68cea60147b29ae47fd18d97698e9bcf6f713c36
SHA256: c1cd2c6fd3c17d9e67ec45436064b911f2dc81fb2c32ece5ef9878b8af35dda5
SHA512: b20a08a1690dac97c456acc1cd8bfe01b3310c490abee3063a5189f45e28e0ac116f313524b9ca5003b84e2cc07c090e28a9fa9240fa3e4f03d9cf1fe00240de
SSDEEP: 49152:wSN5WWMbW0m7Dng+arKHXKS2n4qBJ9X1LaYztS:FV4546S2n4Q9Fh
Score: 10/10
- Detects Rhadamanthys payload
- Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Rhadamanthys family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Enumerates VirtualBox registry keys
- Looks for VirtualBox Guest Additions in registry
- Downloads MZ/PE file
- Looks for VMWare services registry key
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext