General
-
Target
setup.msi
-
Size
25.2MB
-
Sample
240627-a3xahswdlr
-
MD5
3d87a0e5517c9a8fc4adde50bafe7c76
-
SHA1
a1ba3b688dcb9b17ed1d430f3032e2884a0565e4
-
SHA256
49dc002fa1a0a1e33621a7d9340fb7bd0ac8b9834fc5958823d1f2bed6fa5956
-
SHA512
ebadfdc465dc5c32c854931a9f8712320cfc3752e04b3fec56a1b103c6f225c1de0c6892b1cd90b362f56d38685b8d5851e2cbefdf3291f8389b5cea2e337042
-
SSDEEP
393216:f+KUUMVzPuPA9BA/UODO0HAAqC+7Rw+lK2WhAS7KdROb7xmq7IrWowIpUDV5:f+YMVD9cECbq+QWhASOdM3N7gTwx
Malware Config
Extracted
https://gotry-gotry.com/2506s.bs64
Targets
-
-
Target
setup.msi
-
Size
25.2MB
-
MD5
3d87a0e5517c9a8fc4adde50bafe7c76
-
SHA1
a1ba3b688dcb9b17ed1d430f3032e2884a0565e4
-
SHA256
49dc002fa1a0a1e33621a7d9340fb7bd0ac8b9834fc5958823d1f2bed6fa5956
-
SHA512
ebadfdc465dc5c32c854931a9f8712320cfc3752e04b3fec56a1b103c6f225c1de0c6892b1cd90b362f56d38685b8d5851e2cbefdf3291f8389b5cea2e337042
-
SSDEEP
393216:f+KUUMVzPuPA9BA/UODO0HAAqC+7Rw+lK2WhAS7KdROb7xmq7IrWowIpUDV5:f+YMVD9cECbq+QWhASOdM3N7gTwx
Score10/10-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Event Triggered Execution
2Accessibility Features
1Installer Packages
1Privilege Escalation
Event Triggered Execution
2Accessibility Features
1Installer Packages
1