General

  • Target

    @Base_1DS1.exe

  • Size

    1.7MB

  • Sample

    240214-pw9plabf94

  • MD5

    59502d555c1b2e38b3f99a80528993c0

  • SHA1

    156d99645955a3f043c5451c6b24c3fea29f50fa

  • SHA256

    bf267c00c95c56860c6ebf052f927d0237be3b4499ad58d2a71449ff06a9ce5f

  • SHA512

    b31afefa0506483dec837cbfc0edfcfec52be9578d9e7d884877ece26a3bd6612e7e658467b3a93ab84bd4d710c9fd3ee7afbb66e7b63c3ab080cc8137ebfc61

  • SSDEEP

    768:RQocZtO77mXVX8tLfcFY9Wshk458P/qqhdaahRLSqh3jHj8Yi6+PxWEKmwgDU9zw:G1n3FCjk4c87FPx97YzvY
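To confirm that a file recovered from a host is this sample rather than a renamed look-alike, the check below recomputes the four digests the report lists and compares each against the values above. This is an added example, not part of the sandbox report or of any tool: the indicator values are copied from the report, the function names and the constructed input bytes are assumptions, and SSDEEP is left out because fuzzy matching needs the non-standard `ssdeep` library.

```python
import hashlib
import sys
from pathlib import Path

# Hashes exactly as listed in the report above for @Base_1DS1.exe.
REPORTED_HASHES = {
    "md5": "59502d555c1b2e38b3f99a80528993c0",
    "sha1": "156d99645955a3f043c5451c6b24c3fea29f50fa",
    "sha256": "bf267c00c95c56860c6ebf052f927d0237be3b4499ad58d2a71449ff06a9ce5f",
    "sha512": (
        "b31afefa0506483dec837cbfc0edfcfec52be9578d9e7d884877ece26a3bd661"
        "2e7e658467b3a93ab84bd4d710c9fd3ee7afbb66e7b63c3ab080cc8137ebfc61"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Compute the four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def match_indicators(data: bytes, indicators: dict = REPORTED_HASHES) -> dict:
    """Return {algorithm: matched?} for every algorithm present in `indicators`.

    Keys and values are normalised (stripped, lowercased) so indicators
    copy-pasted with uppercase hex, stray whitespace or 'SHA256' as the key
    still compare correctly. Algorithms we cannot compute are skipped.
    """
    computed = digests(data)
    results = {}
    for algo, value in indicators.items():
        name = algo.strip().lower()
        if name in computed:
            results[name] = computed[name] == value.strip().lower()
    return results


def is_reported_sample(data: bytes, indicators: dict = REPORTED_HASHES) -> bool:
    """True only when every listed digest matches.

    One mismatching algorithm means a different file (or a mistyped IOC),
    so partial agreement is deliberately treated as 'not this sample'.
    """
    results = match_indicators(data, indicators)
    return bool(results) and all(results.values())


def check_file(path: str, indicators: dict = REPORTED_HASHES) -> bool:
    """Hash a file on disk and compare it with the report's indicators."""
    return is_reported_sample(Path(path).read_bytes(), indicators)


if __name__ == "__main__":
    # Usage: python check_sample.py <file> [<file> ...]
    for p in sys.argv[1:]:
        print(p, "MATCH" if check_file(p) else "no match")
```

Because every algorithm must agree, a file that only collides on MD5 (a realistic concern for a weak hash) is still reported as "no match"; the SHA-256 value is the one to carry into blocklists.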

Targets

    • Target

      @Base_1DS1.exe

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15