General

Target: rubixlauncher.exe
Size: 4.7MB
Sample: 250601-rdvh3aaq5t
MD5: 620024df612c13a4a33cf785384c2086
SHA1: a6ae999723bea18c6d3acf2c52ed682f6226b7be
SHA256: cd825788095cd61de39d98d6365ed80004cc55a64f4f115ef6bf532617bb0af1
SHA512: 34d4d8a423d98bf0b8d4f18dc980bed97e9492f0817bb1e2dff99fc8d9d0cfaa2687514eff7717b1310a2c858236614490e980390612901e08b69b6ded451bdd
SSDEEP: 98304:HqZRVmbr2CkyPqPnowAWTbNJ2EyT2QT27JaSGKN/3pJ:QVs6ysoDEUvwJEKdZJ
Static task: static1

Behavioral task: behavioral1
Sample: rubixlauncher.exe
Resource: win10ltsc2021-20250425-en

Behavioral task: behavioral2
Sample: rubixlauncher.exe
Resource: win11-20250508-en
Malware Config

Extracted (rhadamanthys):
https://185.125.50.38:3034/739bd3e91cd40ca83/pancake.api
Targets

Target: rubixlauncher.exe
Size: 4.7MB

- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Rhadamanthys family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
MITRE ATT&CK Enterprise v16

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)

Defense Evasion
- Modify Registry (1)
- Obfuscated Files or Information (1)
  - Command Obfuscation (1)