General
-
Target
YouTubePartnerProgramPolicyUpdateFeb2025.msi
-
Size
4.1MB
-
Sample
250218-ll3azsyrhm
-
MD5
b0d0a69199f344aded6146246a6e58c9
-
SHA1
e11795625663a28573487f2b72ba091bac41b624
-
SHA256
9fe42ef288a3f08d68bbfc8bf0890fed79eaa1708c20577534e7e9152da3762a
-
SHA512
55a048cfd34bab839011df6eeac3f91b172c114978a7b6f089d9ed490736a5ceb570524a738b6656e0cc90c608776120b1e1f4d7ab85c1f8c3e4190f11cc35c4
-
SSDEEP
49152:hNK3fuMxhxdsIjE0xHQKu4A3Gi5Dh3JGQIN1KgZiQaH0H721bxNKWkkqQWWIX2OD:CP3hxdssvwKu4kVAQIQvNpkNmOh
Malware Config
Targets
-
-
Target
YouTubePartnerProgramPolicyUpdateFeb2025.msi
-
Size
4.1MB
-
MD5
b0d0a69199f344aded6146246a6e58c9
-
SHA1
e11795625663a28573487f2b72ba091bac41b624
-
SHA256
9fe42ef288a3f08d68bbfc8bf0890fed79eaa1708c20577534e7e9152da3762a
-
SHA512
55a048cfd34bab839011df6eeac3f91b172c114978a7b6f089d9ed490736a5ceb570524a738b6656e0cc90c608776120b1e1f4d7ab85c1f8c3e4190f11cc35c4
-
SSDEEP
49152:hNK3fuMxhxdsIjE0xHQKu4A3Gi5Dh3JGQIN1KgZiQaH0H721bxNKWkkqQWWIX2OD:CP3hxdssvwKu4kVAQIQvNpkNmOh
Score10/10-
Detects Rhadamanthys payload
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Rhadamanthys family
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-