General

  • Target

    your_files.zip

  • Size

    5.9MB

  • Sample

    240207-vdfxfsab32

  • MD5

    47c96f08292259181c8b862df2c36f20

  • SHA1

    a0bb5fde320c76e7deb5564e15cefddb6999c264

  • SHA256

    78ef9151699ef05bd5f55b3a336479659792f8e2a96ad5ae23a441757ee5aad1

  • SHA512

    6fd1554418e39c36d85baae33fe4b9c51c2c16cdeb2b0b8b02113e21e80616d622b53854b59321fdc3c90571ac4adc67f5c7acf0ad31ab50628cc98a460e81e8

  • SSDEEP

    98304:0HvMlBUeC1NM/wTd+Vr1ekUeboL2qKd+nliYkMLYlHTJ1Xr2TnE4pKY/6OP1w+VI:0HvMjUeCmI+Vr1e4oLzsKUtlzvXwnEE+

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper

    http://good2-led.com/dark4.bs64

Targets

    • Target

      your_files.zip

    • Size

      5.9MB

    • MD5

      47c96f08292259181c8b862df2c36f20

    • SHA1

      a0bb5fde320c76e7deb5564e15cefddb6999c264

    • SHA256

      78ef9151699ef05bd5f55b3a336479659792f8e2a96ad5ae23a441757ee5aad1

    • SHA512

      6fd1554418e39c36d85baae33fe4b9c51c2c16cdeb2b0b8b02113e21e80616d622b53854b59321fdc3c90571ac4adc67f5c7acf0ad31ab50628cc98a460e81e8

    • SSDEEP

      98304:0HvMlBUeC1NM/wTd+Vr1ekUeboL2qKd+nliYkMLYlHTJ1Xr2TnE4pKY/6OP1w+VI:0HvMjUeCmI+Vr1e4oLzsKUtlzvXwnEE+

    Score
    1/10

    • Target

      password.jpg

    • Size

      769KB

    • MD5

      1a25684503e322bbe00ffa19ce8635d2

    • SHA1

      ec28dbc29cae25853238aec4c2a0844695e828f9

    • SHA256

      8df0598d09e2910e8e63a108e88c95fa217cea9bc49d51bfa46f6b7c61f5d529

    • SHA512

      b6240948dade85b5360f3b2ed1f4b5a02ff4ea2ea2179b342eaeb0a76d1b1ffcd2adc0175c952bbcb51c79f1a9cd1aa2ecebf7de216134fa8dec14892f4bf432

    • SSDEEP

      384:AnqDBpihA3x9+JTqZ/NlzybRzxu0lDTHXP:yP

    Score
    3/10

    • Target

      setup.zip

    • Size

      5.9MB

    • MD5

      b6c8afb6efdeb60c02ec3bde6d0d849b

    • SHA1

      4c00821482289a4e55172948c24d2bd9849420c2

    • SHA256

      0914a15702c4e0f0b0237a74fa5838152a76a1dfbe4b829905783fc2b53f1720

    • SHA512

      a59d54220c43e16dc8e5f541e058eae543dea5226b033b79ea7f00030554f125e5e118e080c07be616527c6d11e3ab6b4551407809df0a6dd5738726e0309390

    • SSDEEP

      98304:ZHvMlBUeC1NM/wTd+Vr1ekUeboL2qKd+nliYkMLYlHTJ1Xr2TnE4pKY/6OP1w+VJ:ZHvMjUeCmI+Vr1e4oLzsKUtlzvXwnEE7

    Score
    10/10

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks