General

Target: __x64___setup___x32__.zip
Size: 26.2MB
Sample: 240617-vg68tazhkm
MD5: e5a83ba069f873253b132ec3ec166c24
SHA1: 1e4ce10856435de93df2d95b128672bf5e97f449
SHA256: d1a0115f4afe30d9a973cb18bf95d34b67b2d548b4d49989fd0e36399dc562d0
SHA512: 8650c791c1b5cd3e22cb94d73e001aa7f832ab860882fbeccce79aa684b4940886d36d86c73ce9df7febf9f072edba7fa1a2762aac5f35c52d451791d03b0828
SSDEEP: 786432:V7lANnpo2nHaN04j/Qpv3p2MmSg3jcUXQR6:s1po2n14DU3GZ3wUAU
Static task
static1

Behavioral task
behavioral1
Sample: __x64___setup___x32__/setup.msi
Resource: win7-20240221-en

Behavioral task
behavioral2
Sample: __x64___setup___x32__/setup.msi
Resource: win10v2004-20240226-en

Behavioral task
behavioral3
Sample: __x64___setup___x32__/setup.msi
Resource: win11-20240419-en
Malware Config
Extracted: https://opensun.monster/25053.bs64
Targets

Target: __x64___setup___x32__/setup.msi
Size: 25.2MB
MD5: 9e10d740b32cd15a4fb9a947f911b924
SHA1: 6ed60f2f79f986cbf4cc6ab1076522b9c762c272
SHA256: ce35819b8e52f92738534f2b0c0d468bdade96eba64a41915618ab11c04c994a
SHA512: d793f50e6a417a8c75da3a3e809c9cb2d2724d92600e994a90c4198f47937ad462d1682a5277fcb3f0d6648fee2511a2b43c96ff96e8e6a7bec4e461b6bd7a08
SSDEEP: 393216:o+OBUMu/xfGNU/6EiKJ5q7cPYALEUEZZ5XXMHjmPaKshz8Rk3KRrREZ78t0N:o+FMSuNCXFYHnbBXHaJ8a3wrREit0
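Checking a local copy of either artifact against the hashes published above is the first thing a responder does before trusting any of the behavioural findings. The following is an added example written for this page, not code from the sandbox; the only data it takes from the report are the MD5/SHA1/SHA256/SHA512 values of the two artifacts. `hash_file` streams the file through all four hashers in one pass, `verify` does a case-insensitive comparison per algorithm, and `identify` names the artifact whose SHA256 matches. Function and constant names are the editor's own.

```python
import hashlib
from typing import Optional

# Hashes copied verbatim from the report above.
REPORT_IOCS = {
    "__x64___setup___x32__.zip": {
        "md5": "e5a83ba069f873253b132ec3ec166c24",
        "sha1": "1e4ce10856435de93df2d95b128672bf5e97f449",
        "sha256": "d1a0115f4afe30d9a973cb18bf95d34b67b2d548b4d49989fd0e36399dc562d0",
        "sha512": "8650c791c1b5cd3e22cb94d73e001aa7f832ab860882fbeccce79aa684b4940886d36d86c73ce9df7febf9f072edba7fa1a2762aac5f35c52d451791d03b0828",
    },
    "__x64___setup___x32__/setup.msi": {
        "md5": "9e10d740b32cd15a4fb9a947f911b924",
        "sha1": "6ed60f2f79f986cbf4cc6ab1076522b9c762c272",
        "sha256": "ce35819b8e52f92738534f2b0c0d468bdade96eba64a41915618ab11c04c994a",
        "sha512": "d793f50e6a417a8c75da3a3e809c9cb2d2724d92600e994a90c4198f47937ad462d1682a5277fcb3f0d6648fee2511a2b43c96ff96e8e6a7bec4e461b6bd7a08",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory blob for every algorithm in ALGORITHMS."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all hashers at once, so a 26 MB archive is read only once."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def verify(digests: dict, expected: dict) -> dict:
    """Per-algorithm match result; algorithms not computed in `digests` are skipped."""
    return {
        alg: digests[alg].lower() == value.lower()
        for alg, value in expected.items()
        if alg in digests
    }


def identify(digests: dict) -> Optional[str]:
    """Name of the report artifact whose SHA256 matches, or None if it is not one of them."""
    sha256 = digests.get("sha256", "").lower()
    for name, iocs in REPORT_IOCS.items():
        if sha256 == iocs["sha256"]:
            return name
    return None


if __name__ == "__main__":
    import sys

    for path in sys.argv[1:]:
        digests = hash_file(path)
        name = identify(digests)
        print(path, name or "no match", verify(digests, REPORT_IOCS.get(name, {})))
```

Treat the SHA256 as the authoritative identifier; MD5 and SHA1 are kept because other feeds still key on them, not because a match on them alone proves identity.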
Score: 10/10

- Rhadamanthys
  Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
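The behavioural signatures above are the sandbox's names only; the report does not show the telemetry that fired them. The following added example (the editor's code, not the sandbox's) shows how each of the four behavioural signatures can be expressed as a rule over process, API, network and file events. All events in `SAMPLE_EVENTS` and `BENIGN_EVENTS` are constructed for the example, the field names are assumptions loosely modelled on Sysmon/ETW telemetry, and `BLOCKLISTED_IMAGES` is a hypothetical list because the report does not name the process it flagged. The parent-spoofing rule compares the parent recorded in the new process's attributes (`ppid`) with the process that actually called `NtCreateUserProcess` (`creator_pid`); the SetThreadContext rule fires only when the target thread belongs to another process.

```python
import ntpath
import re
from collections import defaultdict

# Hypothetical blocklist of images that should not normally initiate outbound
# connections. The report does not name the process it flagged; these entries
# are assumptions made for this example.
BLOCKLISTED_IMAGES = {"regsvr32.exe", "rundll32.exe", "mshta.exe"}

# A bare drive root such as "D:\" (the signature text: root path of a drive other than C:).
DRIVE_ROOT = re.compile(r"^([A-Za-z]):\\?$")

SIG_PARENT_SPOOF = "Suspicious use of NtCreateUserProcessOtherParentProcess"
SIG_SET_THREAD_CONTEXT = "Suspicious use of SetThreadContext"
SIG_BLOCKLISTED_NET = "Blocklisted process makes network request"
SIG_ENUM_DRIVES = "Enumerates connected drives"

# Constructed telemetry, not taken from the report. Field names loosely follow
# Sysmon/ETW process, network and file events.
SAMPLE_EVENTS = [
    # creator_pid: the process that called NtCreateUserProcess; ppid: the parent
    # recorded in the new process's attributes. They differ when the parent is spoofed.
    {"type": "process_create", "pid": 4012, "ppid": 624, "creator_pid": 3188,
     "image": r"C:\Users\victim\AppData\Local\Temp\dropper.exe"},
    # Thread context rewritten in a different process (classic hollowing/injection step).
    {"type": "api_call", "pid": 3188, "api": "SetThreadContext", "target_pid": 4012},
    {"type": "network_connect", "pid": 4012, "image": r"C:\Windows\System32\rundll32.exe",
     "dest": "opensun.monster"},
    {"type": "file_read", "pid": 4012, "path": "C:\\"},
    {"type": "file_read", "pid": 4012, "path": "D:\\"},
    {"type": "file_read", "pid": 4012, "path": "E:\\"},
]

# Constructed benign activity: no rule should fire on it.
BENIGN_EVENTS = [
    {"type": "process_create", "pid": 5000, "ppid": 624, "creator_pid": 624,
     "image": r"C:\Windows\System32\notepad.exe"},
    # A process adjusting one of its own threads is routine (debuggers, SEH, fibers).
    {"type": "api_call", "pid": 5000, "api": "SetThreadContext", "target_pid": 5000},
    {"type": "network_connect", "pid": 5000, "image": r"C:\Program Files\Browser\browser.exe",
     "dest": "example.com"},
    {"type": "file_read", "pid": 5000, "path": r"C:\Users\victim\notes.txt"},
]


def triage(events):
    """Map each signature name to the constructed events that triggered it."""
    hits = defaultdict(list)
    for ev in events:
        kind = ev["type"]
        if kind == "process_create" and ev["creator_pid"] != ev["ppid"]:
            hits[SIG_PARENT_SPOOF].append(ev)
        elif kind == "api_call" and ev["api"] == "SetThreadContext" and ev["target_pid"] != ev["pid"]:
            hits[SIG_SET_THREAD_CONTEXT].append(ev)
        elif kind == "network_connect" and ntpath.basename(ev["image"]).lower() in BLOCKLISTED_IMAGES:
            hits[SIG_BLOCKLISTED_NET].append(ev)
        elif kind == "file_read":
            m = DRIVE_ROOT.match(ev["path"])
            if m and m.group(1).upper() != "C":
                hits[SIG_ENUM_DRIVES].append(ev)
    return dict(hits)


def fired(events):
    """Sorted list of the signature names that fired, for easy comparison."""
    return sorted(triage(events))


if __name__ == "__main__":
    for name, evs in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {len(evs)} event(s)")
```

Each rule deliberately keys on a structural mismatch (claimed parent vs. real creator, own thread vs. foreign thread, drive root other than the system drive) rather than on the dropper's name or hash, which is what makes such signatures survive a repack of the installer.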