General

Target: ProjectMainGitHub.zip
Size: 37.0MB
Sample: 240328-sjtz6ahc5t
MD5: a96d973a1c3186157c3094b6b5630056
SHA1: e4528b2eee17e3dfce5525d29350de326e7c7e01
SHA256: f55cf52fd39c12fbb2ead65587a71ae2f8a563930c89e4a41e64eae9e041a39e
SHA512: 4fc9c94e06dd9c19b9d430cd88621efd74274ffdb5b78e4c52536aabf894faa9072dcfe99b68f7f285083aa21ae64e69eb19f8f7dee717737c95e79bc4c9e4c9
SSDEEP: 786432:klnpKC459baCnrCf3+7XVnWj03QddG/9Zo8JtZP2ngEbxfxhBshmsT:klpK7bzr2Dj03QddGnj2gEvhBs1T
Static task: static1

Behavioral tasks:
- behavioral1: ProjectGitHubMain/Engine.js (resource win10v2004-20240226-en)
- behavioral2: ProjectGitHubMain/Loader.exe (resource win10v2004-20240226-en)
- behavioral3: ProjectGitHubMain/Newtonsoft.Json.dll (resource win10v2004-20240226-en)
- behavioral4: ProjectGitHubMain/bin/UbuilderB.exe (resource win10v2004-20240226-en)
- behavioral5: ProjectGitHubMain/bin/UbuilderS.exe (resource win10v2004-20240226-en)
- behavioral6: ProjectGitHubMain/bin/scv.jar (resource win10v2004-20240319-en)
- behavioral7: ProjectGitHubMain/opengl32.dll (resource win10v2004-20240226-en)
- behavioral8: ProjectGitHubMain/xNet.dll (resource win10v2004-20231215-en)
Malware Config
Targets

Target: ProjectGitHubMain/Engine.js
Size: 1.7MB
MD5: eb4a75f6c414e46ce51637436b741174
SHA1: ae429f103d20c638697d5770c8c19e9f429da226
SHA256: 3ca88c4e962a789fe31bb64676535d61c40a94a041818a7f4d96ddffadd31d47
SHA512: 015518be98809cdf103f01a7c7ec81b01e6215f68d286f820452fa72643ba2178781c9d23a1fcfbe8f3ab4a843625db8d3b845a2f194ff5f4295621d288a4a88
SSDEEP: 24576:TEVSJtiWxaiEVSJtiWvEVSJtiWxaiEVSJtiWE:jtNrtNw
Score: 1/10

Target: ProjectGitHubMain/Loader.exe
Size: 66.5MB
MD5: ab5dcb490674475c7d9937d8022fa500
SHA1: 8c85c43c9bb5f230362458a9b086cb0c6831fa57
SHA256: f34c10bcc40f46873231ea3b379a405a95a6dd152503adb5b764d22348a7bd23
SHA512: a52ab0a78ca0c62329d34ee1077d4a3e28b803ead82ed19fe5ea42b6b5517a8a754a1bbc23e5c9ebe7aacd542772f3d263ae5477e845794d43ab13655ae300d8
SSDEEP: 393216:mJov7+fr01+Mdu48o+UDWluZyiA5rptiv/slzx8uy60d+HEYXEyN:myvSzCkYJWl0arptin4xbyJdQZ/N
Score: 10/10

Signatures:
- Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Suspicious use of SetThreadContext

Target: ProjectGitHubMain/Newtonsoft.Json.dll
Size: 17.3MB
MD5: e80c8020943c2f7f0111c8da77983fd6
SHA1: 6383878cc54fb391f8201ce90080493a49407458
SHA256: 0e650c2f4331a30dbd889e369bcdd43d98ee0243c4144a1540f973a6eda3c9d2
SHA512: 0d246e5a567dc193383dfe6dff5f6eb63bff6e3fb7a509707cf0a088eda544b94d7b5587049797d98dc9be65ddf4883dc94ed07ad9113c504ad2954194eaa163
SSDEEP: 49152:wNtNtNtNtNtNtNtNtNtNtNtNtNtNANtNtNtcNtNtNtlNtNtNtEtNtNtNtNtNtNtK:8
Score: 1/10

Target: ProjectGitHubMain/bin/UbuilderB.dll (listed as ProjectGitHubMain/bin/UbuilderB.exe in the behavioral tasks)
Size: 3.6MB
MD5: f474baf2f922f8485752170cc261a72b
SHA1: 7e447654e04a91a578a22da5f95d0827e543740e
SHA256: 2f9a39635d6a379577b073945477609c3ab3656c4adc54a0d7cce23c4432c04f
SHA512: 5bf9f3ddf527ebe14c610be6e6d525917f8fd7cbc697d1d308044a06ee7587977737c88d8ffc83508d1e8714efb761c05d38ef16037bd63862c419174c3cdd33
SSDEEP: 98304:D3yMS4vp4iKTBrHJWGs2NyqeoNE/7SRYY6:Dp4iKTVHJack+s
Score: 7/10

Signatures:
- Modifies file permissions

Target: ProjectGitHubMain/bin/UbuilderS.dll (listed as ProjectGitHubMain/bin/UbuilderS.exe in the behavioral tasks)
Size: 3.6MB
MD5: 8627fd537e892afae534c5e07f50b2c3
SHA1: 8b90cc232744e7f0a1d27f5b4ec4f6d0d966ed9a
SHA256: 09f156b3d7d51dad5a9ddd04f9685882a2d479e56deda6eaa0e58ecb19c19228
SHA512: 1af58aeda603230a0091c5d871ac88773f2b57a835c42c36ebb79e2cc39c7c0edf795bf039bb0eface4303b2b9fb5c3878d8a5364e7d3b73daa26fc392c1da70
SSDEEP: 49152:LC/+vwyHnNfERTPokBMyHJWGs8FaRMqu3XCqRq8stcpVk4JobxJ17IxRYbwPmmkO:szyHnN+TBrHJWGs2NyqeoNE/7SRYYCO
Score: 7/10

Signatures:
- Modifies file permissions

Target: ProjectGitHubMain/bin/scv.jar
Size: 644B
MD5: 8d94fb4ef8d7abcb571f4a0c40bc8600
SHA1: c2f61db774895c92c7e5e3e2e00c146ccb412314
SHA256: 4c49a4774b4185035a923fa4585e5a9b469a4a1ceb115da738c62d3d0ebf299e
SHA512: 66d3cbf6fb1f5d84e5f25fb56e6310cbfeca0b4ceaf839b10ffa7cf116c5431495dc2d7c3ff67e466b4730059711acfe40fafd49f163fa7578f70d478d572c03
Score: 1/10

Target: ProjectGitHubMain/opengl32.dll
Size: 3.9MB
MD5: e23a909c4d1f86e86dc366ae461fee04
SHA1: 295259f69918736ee71ddcf32347c75eb0154ee6
SHA256: f522654ae4091305784e4a9cb532254f8cb5ba359e49e46ce47723c3d2eefc5a
SHA512: 3c61a6fbf631157cffb141cd0fed2cd5fd04b7d6f39d06adbb9a83a406ceffcdba269620cb6daba6ff44c5e831a15eec96dd207074099e183c07f32aeca91be8
SSDEEP: 49152:maKfYeGwtQUTd5Oc1eziEvRX5aU34b6Gi+JTpN9V93Sb6kmJcIvSpF+bEhr:mA2LD8RX4ff9Dkr
Score: 1/10

Target: ProjectGitHubMain/xNet.dll
Size: 2.9MB
MD5: e50d4c24ddfb38d5c8779346a9266d8d
SHA1: 60a81409318573ba8b91d28fc7791155c9bc33c7
SHA256: 80b5b9a2a344bc99cfda96e4eb87ded45484fa1e3c31fc6f4bc332f60923a398
SHA512: 2dfc918e12fde6e6571a5f0d64499320038abb3cafbb07dfc335e07e1ce4f4df4780389adae616286b983a5476749f4b4a9303a67741a4dfb4cc159c521cb1d4
SSDEEP: 24576:+iEVSJtiWvd53aiEVSJtiWvd53aiEVSJtiWvd53aiEVSJtiWvd53aiEVSJtiWvd4:5Z53NZ53NZ53NZ53NZ56
Score: 1/10
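The digests above are the part of this report a responder actually reuses: to check whether a copy of the archive (or a file found on a host) is the same material that was sandboxed, and which member to look at first. The script below is an added example, not part of the sandbox output or of the sample; the SHA-256 table is transcribed from the report, while the function names and the placeholder demo archive are the example's own. It hashes every archive member in-stream, so nothing is extracted to disk, and sorts hits by the report score so Loader.exe (10/10) and the two Ubuilder files (7/10) surface first.

```python
"""Offline hash check against the indicators in this report.

Added example, not part of the sandbox output or of the sample. The digest
table is transcribed from the report; everything else (function names, the
constructed placeholder archive used by the demo) belongs to this example.
"""
import hashlib
import io
import sys
import zipfile

# SHA-256 -> (target name as listed in the report, report score out of 10).
IOC_SHA256 = {
    "f55cf52fd39c12fbb2ead65587a71ae2f8a563930c89e4a41e64eae9e041a39e": ("ProjectMainGitHub.zip", 10),
    "3ca88c4e962a789fe31bb64676535d61c40a94a041818a7f4d96ddffadd31d47": ("ProjectGitHubMain/Engine.js", 1),
    "f34c10bcc40f46873231ea3b379a405a95a6dd152503adb5b764d22348a7bd23": ("ProjectGitHubMain/Loader.exe", 10),
    "0e650c2f4331a30dbd889e369bcdd43d98ee0243c4144a1540f973a6eda3c9d2": ("ProjectGitHubMain/Newtonsoft.Json.dll", 1),
    "2f9a39635d6a379577b073945477609c3ab3656c4adc54a0d7cce23c4432c04f": ("ProjectGitHubMain/bin/UbuilderB.dll", 7),
    "09f156b3d7d51dad5a9ddd04f9685882a2d479e56deda6eaa0e58ecb19c19228": ("ProjectGitHubMain/bin/UbuilderS.dll", 7),
    "4c49a4774b4185035a923fa4585e5a9b469a4a1ceb115da738c62d3d0ebf299e": ("ProjectGitHubMain/bin/scv.jar", 1),
    "f522654ae4091305784e4a9cb532254f8cb5ba359e49e46ce47723c3d2eefc5a": ("ProjectGitHubMain/opengl32.dll", 1),
    "80b5b9a2a344bc99cfda96e4eb87ded45484fa1e3c31fc6f4bc332f60923a398": ("ProjectGitHubMain/xNet.dll", 1),
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_stream(fp, chunk=1 << 20):
    """Compute all four digests in one pass, so a 66 MB member is read only once."""
    hs = {a: hashlib.new(a) for a in ALGOS}
    for block in iter(lambda: fp.read(chunk), b""):
        for h in hs.values():
            h.update(block)
    return {a: h.hexdigest() for a, h in hs.items()}


def hash_bytes(data):
    """Same as hash_stream, for a buffer already in memory (e.g. a carved payload)."""
    return hash_stream(io.BytesIO(data))


def lookup(sha256):
    """Return (target, score) if the digest appears in the report, else None."""
    return IOC_SHA256.get(sha256.lower())


def scan_zip(src):
    """Hash every member of an archive in-stream; nothing is written to disk.

    src may be a path, an open binary file object, or raw bytes. Returns a list of
    (member name, sha256, match-or-None), highest report score first.
    """
    if isinstance(src, (bytes, bytearray)):
        src = io.BytesIO(src)
    rows = []
    with zipfile.ZipFile(src) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fp:
                digest = hash_stream(fp)["sha256"]
            rows.append((info.filename, digest, lookup(digest)))
    rows.sort(key=lambda r: -(r[2][1] if r[2] else 0))
    return rows


def constructed_zip_bytes():
    """A tiny archive built here for the demo. Its members are placeholders with
    the report's file names, not the sample, so they must produce no matches."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ProjectGitHubMain/Loader.exe", b"placeholder, not the real file")
        zf.writestr("ProjectGitHubMain/bin/scv.jar", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python ioc_check.py ProjectMainGitHub.zip   (no argument: run the placeholder demo)
    src = sys.argv[1] if len(sys.argv) > 1 else constructed_zip_bytes()
    if isinstance(src, str):
        with open(src, "rb") as fp:
            outer = hash_stream(fp)["sha256"]
        hit = lookup(outer)
        print(f"{outer}  {src}  {'MATCH ' + hit[0] if hit else 'no match'} (archive itself)")
    for name, digest, hit in scan_zip(src):
        tag = f"MATCH {hit[0]} (score {hit[1]}/10)" if hit else "no match"
        print(f"{digest}  {name}  {tag}")
```

Matching is on SHA-256 only; MD5 and SHA-1 are still computed so the output can be cross-checked against the other columns of the report, and a member that hashes differently from the table is simply reported as "no match" rather than treated as clean.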