General

  • Target

    Skript.rar

  • Size

    5.9MB

  • Sample

    240402-kqb4xscf46

  • MD5

    35a3b486d2fab52b95d9a0d78af1061c

  • SHA1

    7389930c22d71224668c6cdf2777a5e0f20dea63

  • SHA256

    59da7ffb942b61fdd1cb683107e4edf60f9ab238bde419afa11c1f0928827853

  • SHA512

    23c25132e6b67bc7dfcf22931f4059cf4ccdbab6b53af9eab767b53d5fef45555111b52185d5e44c5c44020a8d41513880a8466776753c160bdbb592ec5bf6d5

  • SSDEEP

    98304:7zO2ORd2ybF/OKQ8qL5DHVsn7PCKg8lMYQRg0LwVc/oFOPqJHVVW5FnokHSX0LTQ:7a2gd2ybZOKhoDW+haCgAwVc/owqJHV5

Malware Config

Targets

    • Target

      Skript.rar

    • Size

      5.9MB

    • MD5

      35a3b486d2fab52b95d9a0d78af1061c

    • SHA1

      7389930c22d71224668c6cdf2777a5e0f20dea63

    • SHA256

      59da7ffb942b61fdd1cb683107e4edf60f9ab238bde419afa11c1f0928827853

    • SHA512

      23c25132e6b67bc7dfcf22931f4059cf4ccdbab6b53af9eab767b53d5fef45555111b52185d5e44c5c44020a8d41513880a8466776753c160bdbb592ec5bf6d5

    • SSDEEP

      98304:7zO2ORd2ybF/OKQ8qL5DHVsn7PCKg8lMYQRg0LwVc/oFOPqJHVVW5FnokHSX0LTQ:7a2gd2ybZOKhoDW+haCgAwVc/owqJHV5

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      Skript Loader.exe

    • Size

      4.8MB

    • MD5

      f3b1dd838a59c419431c5aa86c1a4feb

    • SHA1

      85ac1eb8a03bedcfbc3d44cedeb802f5cae2ea0a

    • SHA256

      fad83422bd338909393c57663ab1bcafb94ec684f74fdb95aaad925e82567fa3

    • SHA512

      dbaac6b3c531cd84eac6a9440534d18cbc599826357b1efe36cdd16be163bd68c6ddd4d3211efca0d5e8c2ca6868cfb0fb3c3e0584c515b89e1ab1cac8ef6889

    • SSDEEP

      98304:1vW7Ru1fkpfVmr/V9JfzD+p05u9qgo67Smy9BHbCMMjgml7/lg+QXcAz:JibHmTJfzAyQRoRmA1H8eFsA

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Target

      dxil.dll

    • Size

      1.4MB

    • MD5

      cb72bef6ce55aa7c9e3a09bd105dca33

    • SHA1

      d48336e1c8215ccf71a758f2ff7e5913342ea229

    • SHA256

      47ffdbd85438891b7963408ea26151ba26ae1b303bbdab3a55f0f11056085893

    • SHA512

      c89eebcf43196f8660eee19ca41cc60c2a00d93f4b3bf118fe7a0deccb3f831cac0db04b2f0c5590fa8d388eb1877a3706ba0d58c7a4e38507c6e64cfd6a50a0

    • SSDEEP

      24576:LCfhbh3v3mtZDiAQeWj26k41ob2nrZ1rqpegQDJqoZtp22GkmgA9u808jQPEdkr1:LCfhbh3v3mtEAQrW41obCraeRhy9ou6r

    Score
    1/10

    • Target

      mojo_core.dll

    • Size

      1.9MB

    • MD5

      e338245ec63c4881d446e81bf2e6b9be

    • SHA1

      9ed5ff2c4bbb43a41fed37a65f5b691ddcbc63b0

    • SHA256

      c8f24b72f72aeacd060e67a76a5c71145cde5b4527b3ec87c5c4d36cae8e076e

    • SHA512

      f3768a97f646e31fd2206bc658a24e4f39f18a4a625699d700d43a27299a946840e404df78b0e0f149c9a013a7e60dd5adaf452c4a0a4db5525ad738e4c22798

    • SSDEEP

      49152:XN5EwqPeGTxMdbqDb0fmKMEYcwYj75Bvaw:PIabqDEMEd

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks