General

  • Target

    88997e11b364563e7e052accf569d000.bin

  • Size

    82.6MB

  • Sample

    240326-dh733acd29

  • MD5

    88997e11b364563e7e052accf569d000

  • SHA1

    e00b7a277a54ddb32731812a3d52c6aad08245d9

  • SHA256

    0c000bb4bf5f64251d64ec8017fd8d780bb9774e96c0e952d40c6b3c44a982d2

  • SHA512

    608fe5ec620b345f62cb0620abca595d77361868ae20b5bcdda6abf376a739eb96275b3b1337b499a424adab4fe4ce9ebc4fd5d114352fcf914dbbb91277b93a

  • SSDEEP

    1572864:yjaSOTtyHfX7EsuEu5T2VKSatJGxXsM9on74/iMHWOQtIZKndAEuzSJZ0xHVQxC+:yhOTtcEsuEu5T2nafwr9o7PMHWOQIglR

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://iigggkkl.monster/newdrop.bs64

Targets

    • Target

      88997e11b364563e7e052accf569d000.bin

    • Size

      82.6MB

    • MD5

      88997e11b364563e7e052accf569d000

    • SHA1

      e00b7a277a54ddb32731812a3d52c6aad08245d9

    • SHA256

      0c000bb4bf5f64251d64ec8017fd8d780bb9774e96c0e952d40c6b3c44a982d2

    • SHA512

      608fe5ec620b345f62cb0620abca595d77361868ae20b5bcdda6abf376a739eb96275b3b1337b499a424adab4fe4ce9ebc4fd5d114352fcf914dbbb91277b93a

    • SSDEEP

      1572864:yjaSOTtyHfX7EsuEu5T2VKSatJGxXsM9on74/iMHWOQtIZKndAEuzSJZ0xHVQxC+:yhOTtcEsuEu5T2nafwr9o7PMHWOQIglR

    Score
    10/10
    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks