General
Target: setup.msi
Size: 24.1MB
Sample: 240609-s6pnysca8y
MD5: 020e143c50268e236a173e1271ab3d29
SHA1: 24d92085a827fc66273305b2140685cf154b2184
SHA256: 6ed0f1bc6415e6d8b736f0ab0cd8f2702154922b83d5336bc334a113a96605ff
SHA512: bea4dfd0ca74e6a45466b3e7b59d7d9c8debfe2f4ff40c079047b26b36eae9f6c08bfc448edd981e75d173e76c21bc7f6ec08660cfe660748026c9aecd8530cd
SSDEEP: 393216:v7mYTELaw2xTbhKG7yEt27tLk8NNurG8BRaP2XW56KTMHUCZS/u:vREZ2xTbh97yEStZN69yPAnKFC8G
Static task: static1
Behavioral task: behavioral1 (Sample: setup.msi, Resource: win7-20240221-en)
Behavioral task: behavioral2 (Sample: setup.msi, Resource: win10v2004-20240426-en)
Malware Config (extracted): https://opensun.monster/25053.bs64
Targets
Target: setup.msi (hashes as listed under General above)
Score: 10/10
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
Signatures:
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext