General

Target: Skript.rar
Size: 5.9MB
Sample: 240402-kqb4xscf46
MD5: 35a3b486d2fab52b95d9a0d78af1061c
SHA1: 7389930c22d71224668c6cdf2777a5e0f20dea63
SHA256: 59da7ffb942b61fdd1cb683107e4edf60f9ab238bde419afa11c1f0928827853
SHA512: 23c25132e6b67bc7dfcf22931f4059cf4ccdbab6b53af9eab767b53d5fef45555111b52185d5e44c5c44020a8d41513880a8466776753c160bdbb592ec5bf6d5
SSDEEP: 98304:7zO2ORd2ybF/OKQ8qL5DHVsn7PCKg8lMYQRg0LwVc/oFOPqJHVVW5FnokHSX0LTQ:7a2gd2ybZOKhoDW+haCgAwVc/owqJHV5
Static task
static1

Behavioral tasks
behavioral1: Skript.rar (win7-20240221-en)
behavioral2: Skript.rar (win10v2004-20240226-en)
behavioral3: Skript Loader.exe (win7-20240221-en)
behavioral4: Skript Loader.exe (win10v2004-20240226-en)
behavioral5: dxil.dll (win10v2004-20240226-en)
behavioral6: mojo_core.dll (win7-20240221-en)
behavioral7: mojo_core.dll (win10v2004-20240226-en)
Malware Config

Targets

Target: Skript.rar
Size: 5.9MB
MD5: 35a3b486d2fab52b95d9a0d78af1061c
SHA1: 7389930c22d71224668c6cdf2777a5e0f20dea63
SHA256: 59da7ffb942b61fdd1cb683107e4edf60f9ab238bde419afa11c1f0928827853
SHA512: 23c25132e6b67bc7dfcf22931f4059cf4ccdbab6b53af9eab767b53d5fef45555111b52185d5e44c5c44020a8d41513880a8466776753c160bdbb592ec5bf6d5
SSDEEP: 98304:7zO2ORd2ybF/OKQ8qL5DHVsn7PCKg8lMYQRg0LwVc/oFOPqJHVVW5FnokHSX0LTQ:7a2gd2ybZOKhoDW+haCgAwVc/owqJHV5
Score: 10/10
Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
Target: Skript Loader.exe
Size: 4.8MB
MD5: f3b1dd838a59c419431c5aa86c1a4feb
SHA1: 85ac1eb8a03bedcfbc3d44cedeb802f5cae2ea0a
SHA256: fad83422bd338909393c57663ab1bcafb94ec684f74fdb95aaad925e82567fa3
SHA512: dbaac6b3c531cd84eac6a9440534d18cbc599826357b1efe36cdd16be163bd68c6ddd4d3211efca0d5e8c2ca6868cfb0fb3c3e0584c515b89e1ab1cac8ef6889
SSDEEP: 98304:1vW7Ru1fkpfVmr/V9JfzD+p05u9qgo67Smy9BHbCMMjgml7/lg+QXcAz:JibHmTJfzAyQRoRmA1H8eFsA
Score: 10/10
Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings (looks up country code configured in the registry, likely geofence)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
Target: dxil.dll
Size: 1.4MB
MD5: cb72bef6ce55aa7c9e3a09bd105dca33
SHA1: d48336e1c8215ccf71a758f2ff7e5913342ea229
SHA256: 47ffdbd85438891b7963408ea26151ba26ae1b303bbdab3a55f0f11056085893
SHA512: c89eebcf43196f8660eee19ca41cc60c2a00d93f4b3bf118fe7a0deccb3f831cac0db04b2f0c5590fa8d388eb1877a3706ba0d58c7a4e38507c6e64cfd6a50a0
SSDEEP: 24576:LCfhbh3v3mtZDiAQeWj26k41ob2nrZ1rqpegQDJqoZtp22GkmgA9u808jQPEdkr1:LCfhbh3v3mtEAQrW41obCraeRhy9ou6r
Score: 1/10
Target: mojo_core.dll
Size: 1.9MB
MD5: e338245ec63c4881d446e81bf2e6b9be
SHA1: 9ed5ff2c4bbb43a41fed37a65f5b691ddcbc63b0
SHA256: c8f24b72f72aeacd060e67a76a5c71145cde5b4527b3ec87c5c4d36cae8e076e
SHA512: f3768a97f646e31fd2206bc658a24e4f39f18a4a625699d700d43a27299a946840e404df78b0e0f149c9a013a7e60dd5adaf452c4a0a4db5525ad738e4c22798
SSDEEP: 49152:XN5EwqPeGTxMdbqDb0fmKMEYcwYj75Bvaw:PIabqDEMEd
Score: 1/10