General

  • Target

    chromeremotedesktophost.msi

  • Size

    20.7MB

  • Sample

    240401-hh4g4agc79

  • MD5

    9513997b55e2f921721554b4a3e231a1

  • SHA1

    b6cf1967375ce59ae8c753459d803261e32cf694

  • SHA256

    b95cb82f1409339410ece18ef4e487498fab67e4dcb5b2c4d5ee32f68dc5c2f6

  • SHA512

    15ea63e069a9bf6647b729497396ef488d18838bcd4269ccbd94b5cee0540baeeac3ff9f48b91670a5e57de423c9af7c52dbef5ab25bd1ddf97e8926a4f7212d

  • SSDEEP

    393216:+8RwTASYmzEpktG3q9uPnsHmOIrnaMK4rHy4QoimW:+IeKy6ktG3q9UnsHmXnaMKRp

Score
10/10

Malware Config

Targets

    • Target

      chromeremotedesktophost.msi

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext
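
    The five behavioural signatures above, re-implemented as a toy rule set over a constructed API-call trace. This is an added example, not the sandbox's own detection code, and the trace format ("pid|image|api|key=value,..."), the sample lines, the abused-hosting host list and the process blocklist are all assumptions made for illustration; nothing in it was captured from this sample.

```python
"""Toy implementation of the behavioural signatures reported above.

Added example; this is not the sandbox's own detection code. It runs over a
constructed API-call trace in a made-up "pid|image|api|key=value,..." format
(an assumption: real sandboxes record far richer, differently shaped traces).
"""
import re
from collections import defaultdict

# Constructed trace (not captured from the sample): pid 1234 re-parents a
# child, 5678 writes into 9012 and hijacks one of its threads, 4444 lists the
# root of the D: drive, 7777 and 8888 make network requests.
SAMPLE_TRACE = """\
1234|loader.exe|NtCreateUserProcess|image=C:\\Windows\\System32\\svchost.exe,parent=616
1234|loader.exe|NtCreateUserProcess|image=C:\\Windows\\System32\\cmd.exe,parent=1234
5678|loader.exe|WriteProcessMemory|target=9012
5678|loader.exe|SetThreadContext|target=9012
5678|loader.exe|SetThreadContext|target=5678
4444|stealer.exe|FindFirstFileW|path=D:\\*
4444|stealer.exe|FindFirstFileW|path=C:\\Users\\*
7777|stealer.exe|InternetConnectW|host=pastebin.com
8888|mshta.exe|InternetConnectW|host=update.example.com
9999|chrome.exe|InternetConnectW|host=www.example.com
"""

# Illustrative lists (assumptions, not from the report): hosts of legitimate
# services that are routinely abused for payload staging or C2, and images
# that have no business making network requests in this environment.
ABUSED_HOSTING = {"pastebin.com", "cdn.discordapp.com"}
NETWORK_BLOCKLIST = {"mshta.exe", "regsvr32.exe"}

LINE_RE = re.compile(r"^(?P<pid>\d+)\|(?P<image>[^|]+)\|(?P<api>[^|]+)\|(?P<args>.*)$")
NON_C_DRIVE_ROOT = re.compile(r"^(?!c:)[a-z]:\\\*$", re.IGNORECASE)


def parse_trace(text):
    """Yield (pid, image, api, args) tuples for each well-formed trace line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        args = dict(kv.split("=", 1) for kv in m["args"].split(",") if "=" in kv)
        yield int(m["pid"]), m["image"].lower(), m["api"], args


def run_signatures(text):
    """Return the set of signature names that fire on the trace."""
    hits = set()
    wrote_into = defaultdict(set)  # pid -> remote pids it wrote memory into
    for pid, image, api, args in parse_trace(text):
        if api == "NtCreateUserProcess":
            # A PROC_THREAD_ATTRIBUTE_PARENT_PROCESS handle that is not the
            # caller itself re-parents the child (PPID spoofing).
            if int(args.get("parent", pid)) != pid:
                hits.add("Suspicious use of NtCreateUserProcessOtherParentProcess")
        elif api == "WriteProcessMemory":
            wrote_into[pid].add(int(args["target"]))
        elif api == "SetThreadContext":
            # Rewriting a remote thread's registers after writing into that
            # process is the thread-hijacking / hollowing pattern. A process
            # setting its own thread context is normal (debuggers, SEH).
            target = int(args.get("target", pid))
            if target != pid and target in wrote_into[pid]:
                hits.add("Suspicious use of SetThreadContext")
        elif api == "FindFirstFileW":
            # Listing the root of any drive other than C: is the drive
            # enumeration stealers use to find removable and mapped volumes.
            if NON_C_DRIVE_ROOT.match(args.get("path", "")):
                hits.add("Enumerates connected drives")
        elif api == "InternetConnectW":
            host = args.get("host", "").lower()
            if host in ABUSED_HOSTING:
                hits.add("Legitimate hosting services abused for malware hosting/C2")
            if image in NETWORK_BLOCKLIST:
                hits.add("Blocklisted process makes network request")
    return hits


if __name__ == "__main__":
    for name in sorted(run_signatures(SAMPLE_TRACE)):
        print(name)
```

    Running the module prints all five signature names for the constructed trace. The SetThreadContext rule deliberately requires a prior WriteProcessMemory into the same target so that a process adjusting its own threads does not fire it; the NtCreateUserProcess rule keys on the explicit parent attribute rather than on the eventual parent PID, since that attribute is what makes the re-parenting visible.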

MITRE ATT&CK Enterprise v15

Tasks