Resubmissions

  • 29-03-2024 07:56  240329-js6wmsde66  8

  • 29-03-2024 07:53  240329-jq57bsde32  10

General

  • Target: setup.msi

  • Size: 8.5MB

  • Sample: 240329-jq57bsde32

  • MD5: 86a68878633d570e195609fe33640561

  • SHA1: 5a5355a80750693493c4ff9d4184d3234ad62b73

  • SHA256: 7a5d8ef1b6de2d300a6a3118426562e881577c85ab2d919f0337e4de0e9aaa92

  • SHA512: 502f996aff0273aecd4256bd25b3bcd2187a2b44c1b26c0b64a622ae2d788328d8f8e9bbd8fa9119a0edb282d1737f8f502ecf69484a70b14fd287442630c1a9

  • SSDEEP: 196608:zN7EYGIfVlhQ+gtODuwjWT6mPLJo/QkPM27rMr:z+3IfVlhQ+glwY6AW/h37rM

  • Score: 10/10

Malware Config

Extracted

  • Language: ps1

  • Deobfuscated

  • URLs (ps1.dropper): https://curlhub.monster/newdrop.bs64

Targets

    • Target: setup.msi

    • Score: 10/10
    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks