General
Target: your_files.zip
Size: 5.9MB
Sample: 240207-vdfxfsab32
MD5: 47c96f08292259181c8b862df2c36f20
SHA1: a0bb5fde320c76e7deb5564e15cefddb6999c264
SHA256: 78ef9151699ef05bd5f55b3a336479659792f8e2a96ad5ae23a441757ee5aad1
SHA512: 6fd1554418e39c36d85baae33fe4b9c51c2c16cdeb2b0b8b02113e21e80616d622b53854b59321fdc3c90571ac4adc67f5c7acf0ad31ab50628cc98a460e81e8
SSDEEP: 98304:0HvMlBUeC1NM/wTd+Vr1ekUeboL2qKd+nliYkMLYlHTJ1Xr2TnE4pKY/6OP1w+VI:0HvMjUeCmI+Vr1e4oLzsKUtlzvXwnEE+
Static task: static1
Behavioral task: behavioral1, sample your_files.zip, resource win7-20231215-en
Behavioral task: behavioral2, sample your_files.zip, resource win10v2004-20231215-en
Behavioral task: behavioral3, sample password.jpg, resource win7-20231129-en
Behavioral task: behavioral4, sample password.jpg, resource win10v2004-20231215-en
Behavioral task: behavioral5, sample setup.zip, resource win7-20231129-en
Behavioral task: behavioral6, sample setup.zip, resource win10v2004-20231222-en
Malware Config
Extracted: http://good2-led.com/dark4.bs64
Targets
Target: your_files.zip
Size: 5.9MB
MD5: 47c96f08292259181c8b862df2c36f20
SHA1: a0bb5fde320c76e7deb5564e15cefddb6999c264
SHA256: 78ef9151699ef05bd5f55b3a336479659792f8e2a96ad5ae23a441757ee5aad1
SHA512: 6fd1554418e39c36d85baae33fe4b9c51c2c16cdeb2b0b8b02113e21e80616d622b53854b59321fdc3c90571ac4adc67f5c7acf0ad31ab50628cc98a460e81e8
SSDEEP: 98304:0HvMlBUeC1NM/wTd+Vr1ekUeboL2qKd+nliYkMLYlHTJ1Xr2TnE4pKY/6OP1w+VI:0HvMjUeCmI+Vr1e4oLzsKUtlzvXwnEE+
Score: 1/10
Target: password.jpg
Size: 769KB
MD5: 1a25684503e322bbe00ffa19ce8635d2
SHA1: ec28dbc29cae25853238aec4c2a0844695e828f9
SHA256: 8df0598d09e2910e8e63a108e88c95fa217cea9bc49d51bfa46f6b7c61f5d529
SHA512: b6240948dade85b5360f3b2ed1f4b5a02ff4ea2ea2179b342eaeb0a76d1b1ffcd2adc0175c952bbcb51c79f1a9cd1aa2ecebf7de216134fa8dec14892f4bf432
SSDEEP: 384:AnqDBpihA3x9+JTqZ/NlzybRzxu0lDTHXP:yP
Score: 3/10
Target: setup.zip
Size: 5.9MB
MD5: b6c8afb6efdeb60c02ec3bde6d0d849b
SHA1: 4c00821482289a4e55172948c24d2bd9849420c2
SHA256: 0914a15702c4e0f0b0237a74fa5838152a76a1dfbe4b829905783fc2b53f1720
SHA512: a59d54220c43e16dc8e5f541e058eae543dea5226b033b79ea7f00030554f125e5e118e080c07be616527c6d11e3ab6b4551407809df0a6dd5738726e0309390
SSDEEP: 98304:ZHvMlBUeC1NM/wTd+Vr1ekUeboL2qKd+nliYkMLYlHTJ1Xr2TnE4pKY/6OP1w+VJ:ZHvMjUeCmI+Vr1e4oLzsKUtlzvXwnEE7
Score: 10/10
Rhadamanthys
Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
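The two archives in this report, your_files.zip and setup.zip, are both 5.9MB, share the ssdeep block size 98304, and their ssdeep chunks differ only in the first and last character of each chunk, which is what one sees when the same content is repackaged with small header or name changes. The following added example, which is not part of the report or of the sandbox's tooling, re-implements the ssdeep (CTPH) digest comparison in pure Python so the three digests listed above can be compared without an ssdeep library. The digests are copied from the report; the scoring logic follows ssdeep's fuzzy.c as this example understands it (a 7-character common substring is required before scoring, then a weighted edit distance is scaled to 0-100), and the constants are an assumption, so treat the exact percentage as approximate. The point is the contrast: the two archives score in the high nineties against each other and 0 against the unrelated password.jpg digest.

```python
# Added example: pure-Python re-implementation of the ssdeep (CTPH) digest
# comparison, applied to the digests copied from this report. Not part of the
# report or of the sandbox; the scoring constants follow ssdeep's fuzzy.c as
# an assumption and the exact percentage should be treated as approximate.

MIN_BLOCKSIZE = 3        # smallest ssdeep block size
SPAMSUM_LENGTH = 64      # maximum length of a digest chunk
ROLLING_WINDOW = 7       # common-substring length required before scoring

# Digests as listed in the report (block_size:chunk:double_chunk)
YOUR_FILES_SSDEEP = ("98304:0HvMlBUeC1NM/wTd+Vr1ekUeboL2qKd+nliYkMLYlHTJ1Xr2TnE4pKY/6OP1w+VI"
                     ":0HvMjUeCmI+Vr1e4oLzsKUtlzvXwnEE+")
SETUP_SSDEEP = ("98304:ZHvMlBUeC1NM/wTd+Vr1ekUeboL2qKd+nliYkMLYlHTJ1Xr2TnE4pKY/6OP1w+VJ"
                ":ZHvMjUeCmI+Vr1e4oLzsKUtlzvXwnEE7")
PASSWORD_JPG_SSDEEP = "384:AnqDBpihA3x9+JTqZ/NlzybRzxu0lDTHXP:yP"


def parse(digest):
    """Split 'blocksize:chunk:double_chunk' into its three parts."""
    bs, chunk, double_chunk = digest.split(":", 2)
    return int(bs), chunk, double_chunk


def _eliminate_sequences(s):
    """Collapse runs of more than three identical characters down to three."""
    out = []
    for ch in s:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == ch:
            continue
        out.append(ch)
    return "".join(out)


def _has_common_substring(a, b, n=ROLLING_WINDOW):
    """True if the chunks share at least one n-character substring."""
    grams = {a[i:i + n] for i in range(len(a) - n + 1)}
    return any(b[i:i + n] in grams for i in range(len(b) - n + 1))


def _edit_distance(a, b):
    """Insert/delete cost 1, substitution cost 2 (as in ssdeep's edit_distn)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            sub = 0 if ca == cb else 2
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + sub))
        prev = cur
    return prev[-1]


def _score_strings(a, b, block_size):
    """Score two chunks taken at the same block size on a 0-100 scale."""
    if not _has_common_substring(a, b):
        return 0                      # unrelated chunks score nothing
    score = _edit_distance(a, b)
    score = score * SPAMSUM_LENGTH // (len(a) + len(b))
    score = 100 * score // SPAMSUM_LENGTH
    score = 100 - score
    cap = (block_size // MIN_BLOCKSIZE) * min(len(a), len(b))
    return min(score, cap)            # tiny block sizes cannot claim 100


def compare(d1, d2):
    """Return the ssdeep similarity (0-100) of two digests."""
    bs1, a1, a2 = parse(d1)
    bs2, b1, b2 = parse(d2)
    if bs1 != bs2 and bs1 != 2 * bs2 and bs2 != 2 * bs1:
        return 0                      # block sizes too far apart to compare
    a1, a2, b1, b2 = (_eliminate_sequences(s) for s in (a1, a2, b1, b2))
    if bs1 == bs2:
        return max(_score_strings(a1, b1, bs1), _score_strings(a2, b2, 2 * bs1))
    if bs1 == 2 * bs2:
        return _score_strings(a1, b2, bs1)
    return _score_strings(a2, b1, bs2)


if __name__ == "__main__":
    print("your_files.zip vs setup.zip   :", compare(YOUR_FILES_SSDEEP, SETUP_SSDEEP))
    print("your_files.zip vs password.jpg:", compare(YOUR_FILES_SSDEEP, PASSWORD_JPG_SSDEEP))
```

A high score between two submissions that the sandbox scored 1/10 and 10/10 is worth noticing: it means the verdicts differ because of what happened at detonation, not because the archives differ in content, so the lower-scored archive should be handled with the same caution as the higher-scored one.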
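To make the signature names above concrete, here is an added example, not the sandbox's signature engine and not code from the report, that evaluates the six listed signatures over a constructed API-call trace. The event schema, field names, the blocklist of system images and the trace itself are this example's own assumptions; the trace only mirrors the behaviours the signature names describe (a dropped executable launched, a suspended process created with a parent attribute pointing at some other process and then written to and retargeted with SetThreadContext, a non-C: drive root probed, and a system binary connecting to the host of the extracted URL). The PIDs and paths are made up.

```python
# Added example: a toy evaluator for the six behavioural signatures listed
# above, run over a constructed API-call trace. Not the sandbox's signature
# engine; the event schema, field names, image blocklist and the trace are
# assumptions made for illustration.
from dataclasses import dataclass, field
import re


@dataclass
class ApiCall:
    pid: int                                  # process issuing the call
    api: str                                  # hooked API name
    args: dict = field(default_factory=dict)  # selected arguments


# Assumed blocklist: system binaries that should not open network connections
# on their own (this example's list, not the sandbox's).
BLOCKLISTED_IMAGES = {"dllhost.exe", "regsvr32.exe", "rundll32.exe", "mshta.exe"}
NETWORK_APIS = {"InternetConnectW", "WinHttpConnect", "connect", "WSAConnect"}
NON_C_DRIVE_ROOT = re.compile(r"^[D-Zd-z]:\\?$")   # D:\ .. Z:\ but not C:

# Constructed trace (not a real capture); PIDs and paths are made up.
TRACE = [
    ApiCall(1000, "NtWriteFile", {"path": r"C:\Users\user\AppData\Local\Temp\setup.exe"}),
    ApiCall(1000, "NtCreateUserProcess", {"image": r"C:\Users\user\AppData\Local\Temp\setup.exe",
                                          "new_pid": 1100, "parent_attr_pid": 1000}),
    # parent attribute points at pid 700 rather than the caller: parent spoofing
    ApiCall(1100, "NtCreateUserProcess", {"image": r"C:\Windows\System32\dllhost.exe",
                                          "new_pid": 1200, "parent_attr_pid": 700,
                                          "flags": "CREATE_SUSPENDED"}),
    ApiCall(1100, "NtWriteVirtualMemory", {"target_pid": 1200, "size": 0x2000}),
    ApiCall(1100, "SetThreadContext", {"target_pid": 1200, "tid": 1201}),
    ApiCall(1100, "NtResumeThread", {"target_pid": 1200}),
    ApiCall(1200, "GetDriveTypeW", {"path": "D:\\"}),
    ApiCall(1200, "CreateFileW", {"path": r"C:\Users\user\Desktop\notes.txt"}),
    ApiCall(1200, "InternetConnectW", {"host": "good2-led.com"}),
]


def evaluate(trace):
    """Return the set of (signature name, pid) pairs the trace triggers."""
    hits = set()
    dropped = set()       # file paths the sample wrote to disk
    image_of = {}         # pid -> image basename, learned from process creation
    for ev in trace:
        a = ev.args
        if ev.api == "NtWriteFile":
            dropped.add(a["path"].lower())
        elif ev.api == "NtCreateUserProcess":
            image_of[a["new_pid"]] = a["image"].rsplit("\\", 1)[-1].lower()
            if a["image"].lower() in dropped:
                hits.add(("Executes dropped EXE", ev.pid))
            if a.get("parent_attr_pid", ev.pid) != ev.pid:
                hits.add(("Suspicious use of NtCreateUserProcessOtherParentProcess", ev.pid))
        elif ev.api == "LdrLoadDll" and a["path"].lower() in dropped:
            hits.add(("Loads dropped DLL", ev.pid))
        elif ev.api == "SetThreadContext" and a["target_pid"] != ev.pid:
            hits.add(("Suspicious use of SetThreadContext", ev.pid))
        elif ev.api in ("CreateFileW", "GetDriveTypeW") and NON_C_DRIVE_ROOT.match(a["path"]):
            hits.add(("Enumerates connected drives", ev.pid))
        elif ev.api in NETWORK_APIS and image_of.get(ev.pid) in BLOCKLISTED_IMAGES:
            hits.add(("Blocklisted process makes network request", ev.pid))
    return hits


if __name__ == "__main__":
    for name, pid in sorted(evaluate(TRACE)):
        print(f"pid {pid}: {name}")
```

Run as is, the trace triggers five of the six signatures; "Loads dropped DLL" stays silent because nothing in the constructed trace loads a library from a dropped path, which is the check a reader can extend by adding an LdrLoadDll event.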