General
Target: __x64___setup___x32__.zip
Size: 50.4MB
Sample: 240615-sk2rdsveja
MD5: 61b5a940e741c3afea944d62b18e6cf1
SHA1: 2cb1a18746080175ad7a27147173ca4552a076a6
SHA256: 6ccb191f7b79cb8967de32761ebb54d141f5bba36cb3bd1f4ea71933c7b46494
SHA512: b2f6aca2fbb00a5eff0f8ca6e62552a12c52532273e30b5d5a5ed537d5dd96907d8d0671b74f15bb2204035205508386830213d237e23223b159c547d805e02d
SSDEEP: 1572864:tBY23MKU4Obq/3JI8sXlU3tBHI3Wxrpf+SqHg:tyMhObU/sutBoGxr1+/A
Static task: static1
Behavioral task: behavioral1 (sample __x64___setup___x32__/setup.msi, resource win7-20240508-en)
Behavioral task: behavioral2 (sample __x64___setup___x32__/setup.msi, resource win10v2004-20240611-en)
Behavioral task: behavioral3 (sample __x64___setup___x32__/setup.msi, resource win11-20240508-en)
Malware Config
Extracted: https://opensun.monster/25053.bs64
Targets
Target: __x64___setup___x32__/setup.msi
Size: 24.5MB
MD5: 0bd85ea206276e8e5d6ea143c5cb8330
SHA1: 75079d986324ff1d4150bf00fd10ea73f43d0a76
SHA256: 8bd23057abb6865b761ae9719ea6a66ce97d70225abab2d7b2ddce84e35ca602
SHA512: 6ac02552c727394ed9036d5015f8a6652619f9fab7ac8e06ccf5bb301580143e4c24477722cfa8ac7e5082b298e3d8ee72b04a14fbe9ee454a120ba58baf0192
SSDEEP: 786432:zDMcQi4FgSUZGaQ5MHnPa4lJQJU8P8uBsTaxsn:zDMQ4KMaQqvu04On
Score: 10/10
Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
Signatures
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
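The practical use of a report like this is to turn its indicators into something that can be checked against your own telemetry. The following Python is an added example, not code from the sandbox vendor or from the report: it copies the hash values and the extracted URL from the sections above, hashes an arbitrary byte string with the same digest set the report lists (ssdeep is omitted because it needs the third-party ssdeep library), and scans log lines for any report hash or for the extracted host. The log lines at the bottom are constructed for the demonstration, and the field layout and the subdomain-matching rule are assumptions.

```python
"""Offline triage check built from the sandbox report's indicators.

Added example; the hashes and URL are copied from the report above, the
SAMPLE_LOG lines are constructed, and the log field layout is an assumption.
"""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report, keyed by lowercase hex digest.
REPORT_HASHES = {
    "61b5a940e741c3afea944d62b18e6cf1": "__x64___setup___x32__.zip (MD5)",
    "2cb1a18746080175ad7a27147173ca4552a076a6": "__x64___setup___x32__.zip (SHA1)",
    "6ccb191f7b79cb8967de32761ebb54d141f5bba36cb3bd1f4ea71933c7b46494": "__x64___setup___x32__.zip (SHA256)",
    "b2f6aca2fbb00a5eff0f8ca6e62552a12c52532273e30b5d5a5ed537d5dd96907d8d0671b74f15bb2204035205508386830213d237e23223b159c547d805e02d": "__x64___setup___x32__.zip (SHA512)",
    "0bd85ea206276e8e5d6ea143c5cb8330": "setup.msi (MD5)",
    "75079d986324ff1d4150bf00fd10ea73f43d0a76": "setup.msi (SHA1)",
    "8bd23057abb6865b761ae9719ea6a66ce97d70225abab2d7b2ddce84e35ca602": "setup.msi (SHA256)",
    "6ac02552c727394ed9036d5015f8a6652619f9fab7ac8e06cc ̶f̶5̶b̶b301580143e4c24477722cfa8ac7e5082b298e3d8ee72b04a14fbe9ee454a120ba58baf0192".replace(" ̶f̶5̶b̶b", "f5bb"): "setup.msi (SHA512)",
}
EXTRACTED_URL = "https://opensun.monster/25053.bs64"   # from "Malware Config: Extracted"
C2_HOST = urlparse(EXTRACTED_URL).hostname              # "opensun.monster"

# MD5 / SHA1 / SHA256 / SHA512 hex strings, longest alternative wins via \b.
HEX_RE = re.compile(
    r"\b[0-9a-fA-F]{32}\b|\b[0-9a-fA-F]{40}\b|\b[0-9a-fA-F]{64}\b|\b[0-9a-fA-F]{128}\b"
)
# Loose host-name candidate; only exact/subdomain matches of C2_HOST count.
HOST_RE = re.compile(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def hashes_of(data: bytes) -> dict:
    """Compute the same digest set the report lists for a byte string."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(digests: dict) -> list:
    """Return report artefact labels whose hash equals any given digest."""
    found = {REPORT_HASHES[h]
             for h in (d.lower() for d in digests.values())
             if h in REPORT_HASHES}
    return sorted(found)


def scan_log_lines(lines) -> list:
    """Flag (line_no, reasons) for lines carrying a report hash or the C2 host."""
    hits = []
    for n, line in enumerate(lines, 1):
        reasons = []
        for h in HEX_RE.findall(line):
            label = REPORT_HASHES.get(h.lower())
            if label:
                reasons.append(f"hash of {label}")
        for host in HOST_RE.findall(line):
            host = host.lower().rstrip(".")
            # Assumption: a subdomain of the extracted host is equally suspicious.
            if host == C2_HOST or host.endswith("." + C2_HOST):
                reasons.append(f"contact with {host}")
        if reasons:
            hits.append((n, reasons))
    return hits


# Constructed log lines (not real telemetry): two proxy records, two EDR records.
SAMPLE_LOG = [
    "2024-06-15T10:02:11Z proxy src=10.0.0.12 dst=opensun.monster:443 action=allow",
    "2024-06-15T10:02:12Z proxy src=10.0.0.12 dst=update.example.com:443 action=allow",
    "2024-06-15T10:03:40Z edr event=FileCreate path=C:\\Users\\a\\Downloads\\setup.msi "
    "sha256=8bd23057abb6865b761ae9719ea6a66ce97d70225abab2d7b2ddce84e35ca602",
    "2024-06-15T10:05:00Z edr event=FileCreate path=C:\\Windows\\notepad.exe sha256=" + "0" * 64,
]

if __name__ == "__main__":
    for line_no, reasons in scan_log_lines(SAMPLE_LOG):
        print(f"line {line_no}: {', '.join(reasons)}")
```

`hashes_of` accepts bytes rather than a path so the check runs on in-memory samples and on files alike (read the file in binary mode and pass the contents); compare the result with `matches_report` before detonating anything, since a hash match against this report is already a 10/10 verdict.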