General

  • Target

    freedomOSU1.12.rar

  • Size

    803KB

  • Sample

    240403-cjemgada89

  • MD5

    0c9c295b75d76525154f9fc03aefd0a2

  • SHA1

    886e81bb6733cb9e33fb3c64bc9dbdfc96308419

  • SHA256

    f6d3d9319fe42be572804cd30d6a562094d2c00899707a64425d034b26818d10

  • SHA512

    bf9732cddc19162ac63f8cd030b19995b594303e79269eb1562947390c0c5902ad4c706313829262fa805274815b937a6e66527ce0c0d01e4154138c5e96e57d

  • SSDEEP

    24576:Njfs5lXuT5cc+3sk/Vg4nc5sjAzicDW3lUTLjl:Njftt+3pgnSK2UTvl

Score
10/10

Malware Config

Targets

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks