General
Target: __x64___setup___x32__.zip
Size: 35.4MB
Sample: 240629-rxnvmazblg
MD5: ff654bc32dcbba43b22e006634fc0ef4
SHA1: 354df22ee1aa755a09309684c33426e4da3c8745
SHA256: f4f4dd8a1fca44d6d7c78da7dc5741b91250eabf8faae79604c786672ea2efb8
SHA512: 1f558e4e6a2672fd1e5b132685fe7089445e18319769778ea8b778a99c28dc70fecad502c035e102f02989661c8a530973c97af98078a1fe531e65241bbb037c
SSDEEP: 786432:rukfK17+84cIE5kS+oofbNtocqM4kwEwwCQgZp3i6HE+8tDWU:rukfK17+8kECSaxWcqMDzgXPQtDWU

Static task: static1

Behavioral task: behavioral1
Sample: __x64___setup___x32__/setup.msi
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: __x64___setup___x32__/setup.msi
Resource: win10v2004-20240508-en

Behavioral task: behavioral3
Sample: __x64___setup___x32__/setup.msi
Resource: win11-20240419-en

Malware Config
Extracted: https://two-root.com/2506s.bs64

Targets
Target: __x64___setup___x32__/setup.msi
Size: 34.8MB
MD5: 1086315ee22b1c20eb4aa7a57cbb8b6b
SHA1: 1c734fc3f48e355a438cfed270f927b3922ef0ac
SHA256: d9324c156a90b828e3f110a871b6eca08bb6251fc34dcb8b570c05f48a6b642d
SHA512: f6fdfd4751e9b717b7acef31973e34219d2c1e49869b956c27f2a675461ad70b4d727fefb8dba5910954ef8012232913e79549acaa75558015e4de24ee804c05
SSDEEP: 786432:wqqRkI57hVSZmlNdonqUuhGMCiEIS/vTis1Mscz:wq+T57jSZmGnqUezSTtqz
Rhadamanthys
Rhadamanthys is an info stealer written in C++, first seen in August 2022.

Suspicious use of NtCreateUserProcessOtherParentProcess

Blocklisted process makes network request

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Suspicious use of SetThreadContext