General
Target: https://cdn.discordapp.com/attachments/1240115226024869969/1242263250343694376/R6S.zip?ex=6676ba8f&is=6675690f&hm=edac23ef54a6d0a5fd992653af5f9aed74be313ecac6524b38e92f00ed2fe42c&
Sample: 240621-vtez4aybqc
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Resource: win10-20240404-en
Malware Config
Extracted: https://rentry.org/lem61111111111/raw
Extracted: https://bitbucket.org/k34gk349g34g3/56j56j5j56j/raw/0f83a68fcbec53d90c5d0c17a582d7652b840e57/lemon.rar
Targets
Score: 10/10
Rhadamanthys
Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2