Resubmissions

09/02/2024, 17:17  240209-vtts9adb5v  score 10

09/02/2024, 17:11  240209-vqbs9seh42  score 10

General

  • Target

    setup.exe

  • Size

    6.3MB

  • Sample

    240209-vqbs9seh42

  • MD5

    83a983840c0c52b642bb2b53c8e03351

  • SHA1

    2afa649f780b9b1c2fad77798480e0c9e5b56944

  • SHA256

    6ac07ce849ad258cf9b47ca9767badc6ee867962cdcbe470cbe0d02ddb7437e8

  • SHA512

    7d351f0ab347271bcbeefea27531136aba9344ae163d83d8c42116fbee93c26ed2122fcfc9dc323515a24d52ce721804b475cd735adaa7fe82f94b18bf21bbee

  • SSDEEP

    98304:lAs++BUHecpbpx+sborjZGS/m9EnRXnH9EEkXl983ZbGT5oESkS:lAKBx4px+sNjC32plXG4S

Score
10/10

Malware Config

Extracted

Language: ps1

Deobfuscated

URLs

ps1.dropper  http://good2-led.com/dark4.bs64

Targets

    • Target

      setup.exe

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
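The hashes and the ps1.dropper URL above are the report's actionable indicators. The following is an added example (not part of the sandbox report or of any tool it uses) that turns them into a small IOC check: it digests a file with the four algorithms the report lists, compares each against the report's values, and scans proxy-style log lines for the dropper URL. Two assumptions: the proxy log format and its lines are constructed for this example, and matching on the bare host good2-led.com is a broader match than the report's exact URL, added here as a domain-level indicator.

```python
"""Match files and proxy log lines against the IOCs listed in this report."""
import hashlib
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import urlparse

# Hashes of setup.exe, copied from the report.
REPORT_HASHES: Dict[str, str] = {
    "md5": "83a983840c0c52b642bb2b53c8e03351",
    "sha1": "2afa649f780b9b1c2fad77798480e0c9e5b56944",
    "sha256": "6ac07ce849ad258cf9b47ca9767badc6ee867962cdcbe470cbe0d02ddb7437e8",
    "sha512": "7d351f0ab347271bcbeefea27531136aba9344ae163d83d8c42116fbee93c26ed"
              "2122fcfc9dc323515a24d52ce721804b475cd735adaa7fe82f94b18bf21bbee",
}
# ps1.dropper URL from the extracted config.
REPORT_URLS: Set[str] = {"http://good2-led.com/dark4.bs64"}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Return the four digests the report lists, as lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def digest_file(path: str) -> Dict[str, str]:
    """Same as digest_bytes, streaming the file so large samples fit in memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_hashes(digests: Dict[str, str]) -> Set[str]:
    """Names of the algorithms whose digest equals the report's value."""
    return {name for name, value in digests.items()
            if REPORT_HASHES.get(name) == value.lower()}


def ioc_domains() -> Set[str]:
    """Hosts derived from the report's URLs (assumption: host-level matching is wanted)."""
    return {urlparse(u).hostname for u in REPORT_URLS if urlparse(u).hostname}


def matches_url_ioc(url: str) -> Optional[str]:
    """'url' for an exact match, 'domain' for a host-only match, None otherwise."""
    if url in REPORT_URLS:
        return "url"
    host = urlparse(url).hostname
    if host and host.lower() in ioc_domains():
        return "domain"
    return None


# Constructed proxy log lines (not from the report): timestamp client method url
SAMPLE_PROXY_LOG = """\
2024-02-09T17:11:02Z 10.0.0.15 GET http://good2-led.com/dark4.bs64
2024-02-09T17:11:05Z 10.0.0.15 GET http://good2-led.com/favicon.ico
2024-02-09T17:11:09Z 10.0.0.22 GET https://example.com/index.html
"""


def scan_proxy_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (client, url, match_kind) for every line that hits a report IOC."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines rather than crash on them
        client, url = parts[1], parts[3]
        kind = matches_url_ioc(url)
        if kind:
            hits.append((client, url, kind))
    return hits


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        hit = matching_hashes(digest_file(path))
        print(f"{path}: {'MATCH ' + ','.join(sorted(hit)) if hit else 'no match'}")
    for client, url, kind in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{client} -> {url} ({kind})")
```

Run it with one or more file paths to compare them against the report's hashes; a sample that matches on SHA256 but not MD5 has been modified, which is why all four are checked and reported separately. The domain-level hit on favicon.ico shows why host matching is worth keeping alongside the exact URL: a second stage fetched from a different path on the same host would otherwise be missed.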

MITRE ATT&CK Enterprise v15

Tasks