General
Target: your_files.zip
Size: 5.9MB
Sample: 240208-w93a1aah95
MD5: 902e95ea4382d1f9e340ed9f0068bf7a
SHA1: 60548f452f515a2f5bf1af2db1691815f2900d05
SHA256: b59f6f116736248cd4fe60b02956a13e7c87b7a25effc8a1b026df1edb67a0bf
SHA512: 548fcaa92f20a5f8acc78048b239ea837e70f9adaa69834328bed5255eb7f17e0f9a96ae2d89c3f252da02a23b48cc4a00eaa7d62c27cbaeccb223aabfb2bc16
SSDEEP: 98304:wqDSk9A7Y/6oCk0Z/n9VRlxir0eh67pt40Z1/h1N+KOJ4L/kAOFyv23RF/Uf:wqDSxE7D0ZnPxleh6Q0Z1r82AG2BSf
Static task: static1
Behavioral task: behavioral1 (Sample: libs/DismApi.dll, Resource: win10-20231215-en)
Behavioral task: behavioral2 (Sample: libs/Windows.Graphics.dll, Resource: win10-20231215-en)
Behavioral task: behavioral3 (Sample: libs/WsmSvc.dll, Resource: win10-20231215-en)
Behavioral task: behavioral4 (Sample: libs/ortcengine.dll, Resource: win10-20231215-en)
Behavioral task: behavioral5 (Sample: setup.exe, Resource: win10-20231215-en)
Malware Config
Extracted: http://good2-led.com/dark4.bs64
Targets

Target: libs/DismApi.dll
Size: 1.0MB
MD5: c0d799e0350cbef1f37d1c2ad6e29cbd
SHA1: d073f3960f085161d960d66d20532f81cfe49c9d
SHA256: 43c37555d8dbd9aec78cd1609ff1defce1c8e5110c6fc5bb24e6382472a28ef3
SHA512: a21b9b7c1397bc7844857cb56644070ab473c43891a88453311eb5be4b63c3a21ad7c8df116d2549db51f50975bf885f4d768b8edaf06d17a9d7333315a443c7
SSDEEP: 24576:2BfTsBflzkUnEDbjaLXGNaFUxk0NhW39B3:kfwUD3aL8Lk0NhKz
Score: 1/10

Target: libs/Windows.Graphics.dll
Size: 553KB
MD5: 29bbe29eaefbc1fd7df09e5730619af0
SHA1: df0c487b5eba7f05b4acc4365c45745f3e565ea2
SHA256: 81252237cefbc6058842c1db98067d5bd1d7819b18367be889f6f6dd326c64cd
SHA512: 6400546bbf6c400c1660b4a5ad88b5b22f9447fad0ff938543e69d9b081020e6c4b583b2edcf5cf082ff59643164052bb8ecc147199cd74011cb1be7e41d0672
SSDEEP: 6144:v2b4x5qM/VRCEU/UUL9SpUUkNslL1tKPjvt+/e4OO7Y8nR7kE1TRYl0YH2Cr:v2b8xUD9nN9PbY/e18Rgse0Sr
Score: 1/10

Target: libs/WsmSvc.dll
Size: 2.7MB
MD5: 755911a56e00ddf72c6bfab78180d767
SHA1: 4dfddfc3fa74480f8f9aa9e4dbac0ee05d1b3cfb
SHA256: 349d1a4975ef317ded64dd290a5a0604ee83c5a67626e44cd9ed79efa84d2a04
SHA512: f2bfcec0f8dac8e03873ac193ae9b660764bb43bacddafbfd0bef39c7624877d19e8e85f8222090a30d00620c06e59ed251bf2d915ade56edcdddbcf3f0c77d8
SSDEEP: 49152:rQ+cx7sQ/Rn18YTsR3QZvmIkJ1QT2IOmK3UunAh7/jNGSeUXcgqxSQvL:m7sQBPT2jJ1QT2IjC
Score: 1/10

Target: libs/ortcengine.dll
Size: 1008KB
MD5: 1d7fc8a9241de652e481776e99aa3d46
SHA1: 175936d4706447d8ac5a30c6964a8ad8136d10f2
SHA256: 78f39ebbc9307b823296f7c37ec387fadf7cb4e9969449833d90366a65865752
SHA512: f5dff88bb578452daa93329d7804e7f7051a9e542bf0b70b567bcf8268b7514936948f26c46fedff1ef8ba2d5255d74291fc3b073b30e7b9c599b4ac3ba11f9e
SSDEEP: 24576:evPC6nGvJA20cc8lf2BY4vgqsgv1AQOVC4:evPC6kicc8lf2q4vLsk1AQOp
Score: 1/10

Target: setup.exe
Size: 6.4MB
MD5: 1ccc055f28eb610f226a41e522205cf6
SHA1: 09e7a271e7b4f4aa2a27b9353c8244412f700898
SHA256: 7b3badb65f68f1add7ef8d794cc8c2a9740aeedc37030bf6414a14f58c48f43b
SHA512: f6feb6170724653b850e1c5e0d38d1d225b8da9ba1a79badd9d08b9ff888fb8020414e8312de5a67ae33e34edbf4deb882670d82abefedf0b5ed9d2a32ae59c2
SSDEEP: 98304:OAs++BUHecpbpx+sborjZGS/mCVRXnH9EEkXCCnw68uI+cqulMO3uf:OAKBx4px+sNs32pCZ1V+f
Score: 10/10

Rhadamanthys
Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext