General
- Target: setup.msi
- Size: 25.2MB
- Sample: 240624-pn9pmasbmc
- MD5: 933b86e4ec5b91c804b278b6cb6a87a8
- SHA1: d1f4019db27e98d0830013355a2a2c74d4804be4
- SHA256: c0a431da531032202fbad12b852d441638214b288103f3584252f23491ca36f7
- SHA512: f463e1422251a9795d2e89774e9785970cfd41ee85fda72c3d7216beb53b6a9c37d5152d733942fa834d3662c32e0df5cf9d791534479167863dc01ab1629030
- SSDEEP: 393216:w+wfUM9W/NReJ2eTLtnOQY2xbEZ1BacivCTvMETonoDpoDp1dXSIpDIj/t:w+ZM0/NRVWLtntY2eZ1BacrvKoDqQpz
Static task: static1
Behavioral task: behavioral1
- Sample: setup.msi
- Resource: win10v2004-20240611-en
Malware Config
- Extracted: https://gotry-gotry.com/2306s1.bs64
Targets
- Target: setup.msi
- Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext