General

  • Target: [GitHub]Project.zip
  • Size: 8.5MB
  • Sample: 240208-b1f17adedq
  • MD5: 9f14bd060975edf36fdd9ad1b3fc39a1
  • SHA1: f508ed4284868ae9a8994ae04282a90663fc3e28
  • SHA256: c2e3560835a0898585cf02279d838d3aa3a7360e5fc3b2f79cae45fe017da0be
  • SHA512: bea8fae17335d2a5b4dd5cc414494e04bc779af01d5f7565cc220718e1263a4cd5f5fe24d639c23da2014ef4d0c86dbde149c9e1e794e6abcc2ba3fd7bc68158
  • SSDEEP: 196608:03FXsRDvplj8b0jmRDF4nYY3+JOSx4dBKe+hZU7ysT8:e8RNFeuAqYY3sOhfKHZmyA8

Score: 10/10

Malware Config

Targets

    • Target: GitMultiLoader.exe
    • Size: 42.7MB
    • MD5: 5ec24905f80bb16b8844d440fd4ca921
    • SHA1: 079f6782c79d633f3ac1288523d39fd5c6132df9
    • SHA256: eec6302b15fdbf92d7c6204f195246278aa2d7c54ed2eaf51f8298554ac75024
    • SHA512: 10e3b37422b3d540f9435712ee94955df759ed1c404e35e708f0b6863ff2f8c4b1ff0fc084df10ffd805a9a9e633bb6110dc82d0d8d8d474439cd8a5b6fbfc55
    • SSDEEP: 98304:YfCv+rScGQYPDofAKB1RYQpHd5nKRQGEaTmR3vNUkqh76n7EnVFG8TzIhX724Lks:Y7EsfAeHY0x7nbT9UsMaN6maSl

    Score: 10/10

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    • Target: opengl32.dll
    • Size: 104KB
    • MD5: 476b6a340b1d1de81f96c42cb94824a3
    • SHA1: ec0fda158e52f2c15d50ac559839262511396370
    • SHA256: c640ca6961bb3f90ee17ee2eab9b3ab66c76d0437408cde00bbcca58f8ccf0c7
    • SHA512: 1df3ff41f1eab4267acf180aea00095d429190b00bbd65cbeeafe2ebd8fe964a4963709b9dd725a8aff963dcc1174295397ebcc11b0f19c08988855ab78f5790
    • SSDEEP: 48:/44444444444444444444444444444444444444444444444444444444444444j:H

    Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks