General

Target: x64__installer___x32__.zip
Size: 26.6MB
Sample: 240624-rjg5xswdlg
MD5: 951895db4798737e96a7b22f0451ef01
SHA1: 2c9727632f4bfd3eda91b3fdd689ad53cfaae925
SHA256: f548d1ad81af9ffb56e07ae96aef96702160d06a84db8802679686ef2b51d85e
SHA512: 82e6d3898bd5504e5f9aefbc2ea373468f217cff5d651db24c3ef84cae6ffb35d14700d11dab758661b114c8c4a674974efbb1bd31b4abf47af13591c88cb178
SSDEEP: 393216:q/eG13sFOO/XnV5ZN5JNCyvmgrfB6rX9wAH8owLrgY+HhHgSIrA/d0FuIxi:qxrO/9N52yvmcJ6rXTcvL8wA/CXxi
Static task: static1

Behavioral task: behavioral1
Sample: x64__installer___x32__.zip
Resource: win11-20240508-en

Behavioral task: behavioral2
Sample: __x64___setup___x32__.zip
Resource: win11-20240611-en

Behavioral task: behavioral3
Sample: setup.msi
Resource: win11-20240611-en

Behavioral task: behavioral4
Sample: password.jpg
Resource: win11-20240611-en

Malware Config
Extracted: https://gotry-gotry.com/2306s1.bs64
Targets

Target: x64__installer___x32__.zip
Size: 26.6MB
MD5: 951895db4798737e96a7b22f0451ef01
SHA1: 2c9727632f4bfd3eda91b3fdd689ad53cfaae925
SHA256: f548d1ad81af9ffb56e07ae96aef96702160d06a84db8802679686ef2b51d85e
SHA512: 82e6d3898bd5504e5f9aefbc2ea373468f217cff5d651db24c3ef84cae6ffb35d14700d11dab758661b114c8c4a674974efbb1bd31b4abf47af13591c88cb178
SSDEEP: 393216:q/eG13sFOO/XnV5ZN5JNCyvmgrfB6rX9wAH8owLrgY+HhHgSIrA/d0FuIxi:qxrO/9N52yvmcJ6rXTcvL8wA/CXxi
Score: 1/10

Target: __x64___setup___x32__.zip
Size: 26.6MB
MD5: 6777a3e251426d31e4917717264661d3
SHA1: ccfd5dd35ba5610026698ea98b1bee04aefd9eb7
SHA256: e643e25579f46f7662cc7aa49c6e040bc682d87c62cf97eaa4e0f7530a6fc3bd
SHA512: 7451f71dfe72be47142136d036f7670f944053fee45a9f76270d6ba4513399e23cb75c39f5615e328628eecdf6c159f6c38ddd847d97480ef33d62060b290d4f
SSDEEP: 393216:C/eG13sFOO/XnV5ZN5JNCyvmgrfB6rX9wAH8owLrgY+HhHgSIrA/d0FuIxj:CxrO/9N52yvmcJ6rXTcvL8wA/CXxj
Score: 1/10

Target: setup.msi
Size: 25.2MB
MD5: be2a13cfa57db16d3f654c5e444c360b
SHA1: 7f45d2a4debbbca678cc5c300c59af01ca197bca
SHA256: b086cb6063a6fe194342b3dbe7639aebab02513305c95a914d052e87b54e0523
SHA512: 978f4fb1e9df0785bbcd2734d4a7b32d3acab4a215075f0860ccc879bf65714e2c6eabba41ee7c38c0394a9a08b60757544034b21c336c2a3f233a411744953e
SSDEEP: 786432:++aMGdE4CF4EgcHxa3pS58g0nfZ3AOnr:++aMGrCKEg+xwS5MGOr
- Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext

Target: password.jpg
Size: 50KB
MD5: 10d7c64373b8a39e05782dff99e88aaf
SHA1: 3327e3ba0e0dde05e00640121e9fcd50a49e937b
SHA256: c69692eaa6728d7658ec5f3a6a4bb06c42243993fdea491a009c02cba42f3e15
SHA512: a00aa2bc828b3eeac08f23e0516d20237c6200590344c702014770d7969fada6b210cd6d9a491c7105be3a1a928e75ec42b20061909b02afa11e1fb77466168e
SSDEEP: 768:PHANnW5aGdd+AkSu4rksV6pfQCwCozi4BrA49d7uueqzjas//g:PHAATYrubYfQsCLVA4uueqzOn
Score: 3/10