General

  • Target

    EXLoader.rar

  • Size

    16.3MB

  • Sample

    240207-1gr2sacgaj

  • MD5

    9d84aac4289cc1b1b3ef8d770ecf1a6d

  • SHA1

    3a719d143b0def2f3d4cb8e7138fe24f4d19caa8

  • SHA256

    a0332fec36f69605d58ef0fdfe5b105dfacb6603e842e20f9b725e9d6d18bf31

  • SHA512

    de036f650ab58b1e8c5c5f3ea3f22bb732595f8ac8eac7f7fb8cc100b7c0d436edc38c08d75a25e712334e1472f68f652ee5ab6d13a934369e4ea5e368b901ff

  • SSDEEP

    393216:/b+hdDGIDSXMhY/fYlttzbGdwqFtHT67aEAVVTpDXs96MBRXIllSjdR8+eZc:/bADGhXngtzPattMkl+dmtc

Malware Config

Targets

    • Target

      DotHelp.dll

    • Size

      371KB

    • MD5

      6e20b6ec7a415d3cc4a56d764546c5a7

    • SHA1

      5df99a6952d400adfb5c59f4581466425eb9935a

    • SHA256

      b5c100e10b6f8c5db0715267a897ce1348d3152a3a92cebc4acd0d7f7749b90a

    • SHA512

      9d85c36f3aa1cc3a0744a59dcabb576329111ae7109387d6c3f50e0d86984116d7c715ea568e56ca971c05dd6b3fe9c87a1d39103245c76c5c6f1fd811e5bc41

    • SSDEEP

      6144:23s0N4Z8lhuom5MOK3BkmaCbtQIQ2retFbq8d+P1cvcqKWSyU5C0O6yecZ3KPP40:2cX8l0oWA3TaYhrsM8wRho0O6ncZ3U

    Score: 1/10

    • Target

      Settings/Net_Framework_4.8.16.exe

    • Size

      1.4MB

    • MD5

      86482f2f623a52b8344b00968adc7b43

    • SHA1

      755349ecd6a478fe010e466b29911d2388f6ce94

    • SHA256

      2c7530edbf06b08a0b9f4227c24ec37d95f3998ee7e6933ae22a9943d0adfa57

    • SHA512

      64c168263fd48788d90919cbb9992855aed4ffe9a0f8052cb84f028ca239102c0571dfaf75815d72ad776009f5fc4469c957113fb66da7d4e9c83601e8287f3d

    • SSDEEP

      24576:MGHL3siy9J0/SmtLvUDSRbm4Jah1rVxL+iTOhYdeM+GkdnddMF2ScVC3oKNVpNXo:RL3s7mKeTUDBzrVxxOhYdeMinddG2lCK

    Score: 8/10

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Target

      Setup.exe

    • Size

      58.2MB

    • MD5

      bb51a63e07192d90218f91e74d00c4ee

    • SHA1

      8efceffbc16482fd9cc0cb663b4524a85369a299

    • SHA256

      21bd32ec6e9dc6758800afab54024e81e7b2bb79ce334bf6729163fdae2f6961

    • SHA512

      a7657c395ecb1b6fec8664b5528f2cb1e9f92b7a1c40cb3f28224941df3a0760351062899a644cfc91608c51c76fe9fc836ad8b873855e55b30444c4f178da01

    • SSDEEP

      393216:An7A2mSknc5THR9Qc0X2fTlCdSQByTWx9h3BjjrR+:Azkns10JBfxljrR+

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Creates new service(s)

    • Downloads MZ/PE file

    • Sets service image path in registry

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • Target

      libGLESv2.dll

    • Size

      1.4MB

    • MD5

      8306600f6c59fca3a7f1b6051a70a34c

    • SHA1

      9d2fd76fd7ef118ea96bc26ae0c03c428d91e34e

    • SHA256

      cd9ffd828af9e4ccad1cdab755d9393174857b071a997548d9e3c4f20999320e

    • SHA512

      414bcfe0de34a2ce51940ad8220627e74abb09a2d5250c60a161625e780540a0bf204583e0638546bed25c6372c8c8a053b6c6e31959d4f581c8802762e1380d

    • SSDEEP

      12288:BoZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7iZo7Xo7VZo7VZov:Z

    Score: 1/10

    • Target

      opengl32.dll

    • Size

      3.9MB

    • MD5

      e23a909c4d1f86e86dc366ae461fee04

    • SHA1

      295259f69918736ee71ddcf32347c75eb0154ee6

    • SHA256

      f522654ae4091305784e4a9cb532254f8cb5ba359e49e46ce47723c3d2eefc5a

    • SHA512

      3c61a6fbf631157cffb141cd0fed2cd5fd04b7d6f39d06adbb9a83a406ceffcdba269620cb6daba6ff44c5e831a15eec96dd207074099e183c07f32aeca91be8

    • SSDEEP

      49152:maKfYeGwtQUTd5Oc1eziEvRX5aU34b6Gi+JTpN9V93Sb6kmJcIvSpF+bEhr:mA2LD8RX4ff9Dkr

    Score: 1/10
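The hashes above are the actionable part of this report for a responder who has an archive or an extracted directory in hand and wants to know whether it contains the same files. The following is an added example, not part of the sandbox report or of any project: it carries the MD5, SHA1 and SHA256 values listed above for the six targets, hashes files in a single pass, and distinguishes a full match (all three algorithms agree) from a partial one (only some agree), which usually means a transcription error in the IOC list or, for MD5 and SHA1, a possible collision and therefore deserves a manual look. SHA512 and SSDEEP are not compared here; the SSDEEP values above need the `ssdeep` library and fuzzy comparison, which this example leaves out. When run stand-alone it hashes a constructed byte string that matches nothing.

```python
"""IOC matcher for the EXLoader.rar report (added example, not report code).

MD5/SHA1/SHA256 values are copied from the report. The sample bytes
used when run stand-alone are constructed here and match nothing.
"""
import hashlib
import os
import sys
from typing import Dict, List, Tuple

# Hashes exactly as listed in the report, per target.
IOCS: Dict[str, Dict[str, str]] = {
    "EXLoader.rar": {
        "md5": "9d84aac4289cc1b1b3ef8d770ecf1a6d",
        "sha1": "3a719d143b0def2f3d4cb8e7138fe24f4d19caa8",
        "sha256": "a0332fec36f69605d58ef0fdfe5b105dfacb6603e842e20f9b725e9d6d18bf31",
    },
    "DotHelp.dll": {
        "md5": "6e20b6ec7a415d3cc4a56d764546c5a7",
        "sha1": "5df99a6952d400adfb5c59f4581466425eb9935a",
        "sha256": "b5c100e10b6f8c5db0715267a897ce1348d3152a3a92cebc4acd0d7f7749b90a",
    },
    "Settings/Net_Framework_4.8.16.exe": {
        "md5": "86482f2f623a52b8344b00968adc7b43",
        "sha1": "755349ecd6a478fe010e466b29911d2388f6ce94",
        "sha256": "2c7530edbf06b08a0b9f4227c24ec37d95f3998ee7e6933ae22a9943d0adfa57",
    },
    "Setup.exe": {
        "md5": "bb51a63e07192d90218f91e74d00c4ee",
        "sha1": "8efceffbc16482fd9cc0cb663b4524a85369a299",
        "sha256": "21bd32ec6e9dc6758800afab54024e81e7b2bb79ce334bf6729163fdae2f6961",
    },
    "libGLESv2.dll": {
        "md5": "8306600f6c59fca3a7f1b6051a70a34c",
        "sha1": "9d2fd76fd7ef118ea96bc26ae0c03c428d91e34e",
        "sha256": "cd9ffd828af9e4ccad1cdab755d9393174857b071a997548d9e3c4f20999320e",
    },
    "opengl32.dll": {
        "md5": "e23a909c4d1f86e86dc366ae461fee04",
        "sha1": "295259f69918736ee71ddcf32347c75eb0154ee6",
        "sha256": "f522654ae4091305784e4a9cb532254f8cb5ba359e49e46ce47723c3d2eefc5a",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256")


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Hex digests of an in-memory buffer for every algorithm in ALGORITHMS."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digest_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Hex digests of a file, read once in chunks so large droppers fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (target, verdict) pairs for every report target that matches.

    verdict is "full" when all listed algorithms agree and "partial" when only
    some do; a partial match is worth a manual check rather than a dismissal.
    """
    hits: List[Tuple[str, str]] = []
    for target, expected in IOCS.items():
        agreeing = [a for a, v in expected.items() if digests.get(a, "").lower() == v]
        if not agreeing:
            continue
        hits.append((target, "full" if len(agreeing) == len(expected) else "partial"))
    return hits


def scan_tree(root: str) -> Dict[str, List[Tuple[str, str]]]:
    """Walk an extracted archive directory and map each matching path to its hits."""
    findings: Dict[str, List[Tuple[str, str]]] = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            hits = match_iocs(digest_file(path))
            if hits:
                findings[path] = hits
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, hits in scan_tree(sys.argv[1]).items():
            print(path, hits)
    else:
        # Constructed sample input: a fake MZ header that matches no IOC.
        print(match_iocs(digest_bytes(b"MZ\x90\x00" + b"\x00" * 60)))
```

Run it with the path of an extracted archive as its only argument; without an argument it hashes the constructed sample and prints an empty list. Matching on exact hashes only tells you whether you have byte-identical copies; a repacked build of the same loader will not match and needs the SSDEEP values or behavioural signatures listed above instead.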

MITRE ATT&CK Enterprise v15

Tasks