Overview

Analysis tasks and score badges (as shown in the report navigation):
Overview: 10
Static: 3
DotHelp.dll (windows7-x64): 1
DotHelp.dll (windows10-2004-x64): 1
Settings/N...16.exe (windows7-x64): 7
Settings/N...16.exe (windows10-2004-x64): 7
Setup.exe (windows7-x64): no score shown
Setup.exe (windows10-2004-x64): 10
libGLESv2.dll (windows7-x64): 1
libGLESv2.dll (windows10-2004-x64): 1
opengl32.dll (windows10-2004-x64): 1

General
Target: 9d84aac4289cc1b1b3ef8d770ecf1a6d.bin
Size: 16.3MB
Sample: 240209-dsn3yafb4s
MD5: 9d84aac4289cc1b1b3ef8d770ecf1a6d
SHA1: 3a719d143b0def2f3d4cb8e7138fe24f4d19caa8
SHA256: a0332fec36f69605d58ef0fdfe5b105dfacb6603e842e20f9b725e9d6d18bf31
SHA512: de036f650ab58b1e8c5c5f3ea3f22bb732595f8ac8eac7f7fb8cc100b7c0d436edc38c08d75a25e712334e1472f68f652ee5ab6d13a934369e4ea5e368b901ff
SSDEEP: 393216:/b+hdDGIDSXMhY/fYlttzbGdwqFtHT67aEAVVTpDXs96MBRXIllSjdR8+eZc:/bADGhXngtzPattMkl+dmtc
Static task: static1

Behavioral tasks:
behavioral1: DotHelp.dll (resource win7-20231215-en)
behavioral2: DotHelp.dll (resource win10v2004-20231215-en)
behavioral3: Settings/Net_Framework_4.8.16.exe (resource win7-20231215-en)
behavioral4: Settings/Net_Framework_4.8.16.exe (resource win10v2004-20231215-en)
behavioral5: Setup.exe (resource win7-20231215-en)
behavioral6: Setup.exe (resource win10v2004-20231222-en)
behavioral7: libGLESv2.dll (resource win7-20231215-en)
behavioral8: libGLESv2.dll (resource win10v2004-20231215-en)
behavioral9: opengl32.dll (resource win10v2004-20231215-en)
Malware Config

Targets

Target: DotHelp.dll
Size: 371KB
MD5: 6e20b6ec7a415d3cc4a56d764546c5a7
SHA1: 5df99a6952d400adfb5c59f4581466425eb9935a
SHA256: b5c100e10b6f8c5db0715267a897ce1348d3152a3a92cebc4acd0d7f7749b90a
SHA512: 9d85c36f3aa1cc3a0744a59dcabb576329111ae7109387d6c3f50e0d86984116d7c715ea568e56ca971c05dd6b3fe9c87a1d39103245c76c5c6f1fd811e5bc41
SSDEEP: 6144:23s0N4Z8lhuom5MOK3BkmaCbtQIQ2retFbq8d+P1cvcqKWSyU5C0O6yecZ3KPP40:2cX8l0oWA3TaYhrsM8wRho0O6ncZ3U
Score: 1/10

Target: Settings/Net_Framework_4.8.16.exe
Size: 1.4MB
MD5: 86482f2f623a52b8344b00968adc7b43
SHA1: 755349ecd6a478fe010e466b29911d2388f6ce94
SHA256: 2c7530edbf06b08a0b9f4227c24ec37d95f3998ee7e6933ae22a9943d0adfa57
SHA512: 64c168263fd48788d90919cbb9992855aed4ffe9a0f8052cb84f028ca239102c0571dfaf75815d72ad776009f5fc4469c957113fb66da7d4e9c83601e8287f3d
SSDEEP: 24576:MGHL3siy9J0/SmtLvUDSRbm4Jah1rVxL+iTOhYdeM+GkdnddMF2ScVC3oKNVpNXo:RL3s7mKeTUDBzrVxxOhYdeMinddG2lCK
Score: 7/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL

Target: Setup.exe
Size: 58.2MB
MD5: bb51a63e07192d90218f91e74d00c4ee
SHA1: 8efceffbc16482fd9cc0cb663b4524a85369a299
SHA256: 21bd32ec6e9dc6758800afab54024e81e7b2bb79ce334bf6729163fdae2f6961
SHA512: a7657c395ecb1b6fec8664b5528f2cb1e9f92b7a1c40cb3f28224941df3a0760351062899a644cfc91608c51c76fe9fc836ad8b873855e55b30444c4f178da01
SSDEEP: 393216:An7A2mSknc5THR9Qc0X2fTlCdSQByTWx9h3BjjrR+:Azkns10JBfxljrR+
Score: 10/10
Signatures:
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Creates new service(s)
- Downloads MZ/PE file
- Stops running service(s)
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext

Target: libGLESv2.dll
Size: 1.4MB
MD5: 8306600f6c59fca3a7f1b6051a70a34c
SHA1: 9d2fd76fd7ef118ea96bc26ae0c03c428d91e34e
SHA256: cd9ffd828af9e4ccad1cdab755d9393174857b071a997548d9e3c4f20999320e
SHA512: 414bcfe0de34a2ce51940ad8220627e74abb09a2d5250c60a161625e780540a0bf204583e0638546bed25c6372c8c8a053b6c6e31959d4f581c8802762e1380d
SSDEEP: 12288:BoZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7iZo7Xo7VZo7VZov:Z
Score: 1/10

Target: opengl32.dll
Size: 3.9MB
MD5: e23a909c4d1f86e86dc366ae461fee04
SHA1: 295259f69918736ee71ddcf32347c75eb0154ee6
SHA256: f522654ae4091305784e4a9cb532254f8cb5ba359e49e46ce47723c3d2eefc5a
SHA512: 3c61a6fbf631157cffb141cd0fed2cd5fd04b7d6f39d06adbb9a83a406ceffcdba269620cb6daba6ff44c5e831a15eec96dd207074099e183c07f32aeca91be8
SSDEEP: 49152:maKfYeGwtQUTd5Oc1eziEvRX5aU34b6Gi+JTpN9V93Sb6kmJcIvSpF+bEhr:mA2LD8RX4ff9Dkr
Score: 1/10