General

  • Target

    d75697e57eee3f6f63114075c15995fef359eeb7a3f554e40d55dee19bead4fd.exe

  • Size

    920KB

  • Sample

    250318-kyvagaskx5

  • MD5

    5b8a32a8aa43b0abbba8e540066a35ef

  • SHA1

    b7dbf49dfa893e7aba4732ca3fd38452c3cd9c3e

  • SHA256

    d75697e57eee3f6f63114075c15995fef359eeb7a3f554e40d55dee19bead4fd

  • SHA512

    65cda09fbf398ec4dbea02b5a368dd6f76125670240a82c7e7e49c89ba99a894c5236faadb6784e74b6077f6834f48222d182ec8d224ea3518f9309162470136

  • SSDEEP

    24576:5Njg/5WNrg4BubkHBKDrgRQDiQhceGrmhJiEFGfZmRGqEjh:n4Grg4BBHQPgRQthGChkEFAZVqA

Malware Config

Extracted

Family

rhadamanthys

C2

https://5.42.65.27:4811/503b2b901476e7a26b7/s0orkm9k.o0amt

Targets

    • Target

      d75697e57eee3f6f63114075c15995fef359eeb7a3f554e40d55dee19bead4fd.exe

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Rhadamanthys family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    • Score

      3/10

    • Target

      $TEMP/Folks

    • Size

      149KB

    • MD5

      92a41d13c79ce8eb843e8c6df2af3558

    • SHA1

      5faaa98f537746b995042e2075d33ce7bdc4c7e0

    • SHA256

      76d8ed1310911122e1dbe3efd25541f93e3828fe95ebf37cdeede710944f291e

    • SHA512

      4623c951346f4049b79ffb43003b6ea1d09fcb542047c7b9ef55e212afbc093aea17e57b53cde723019c266e64bf7b3d40a2d89e8a80337ce709f6d9a7997254

    • SSDEEP

      3072:pPpU08BjlWTPJth26X7Sn4UfpLUNN9t68cCWlrss4M5iRqe:LQBk7JjX74cN0lrztg/

    • Score

      1/10

MITRE ATT&CK Enterprise v15