General

  • Target: Leonardo_Al.zip
  • Size: 113.7MB
  • Sample: 240403-ylx3gsba5t
  • MD5: bd7907bdada13292c0e01e5d5b7f523a
  • SHA1: d9196a3dfb8d2b08dd977f03fb70776a481ed492
  • SHA256: 633d5f336758fb117aa71edf1871c393c9fe3313abe61bec31974638ed9d7ce8
  • SHA512: d62d822ab3591e6cdc6db06b1d215b7856fab08d28ffa62df5147ec1f3117c633505998243258815e7d47c0b5b8c8c6e556c9bd023f51a7608e0ed6ae9dac5e3
  • SSDEEP: 3145728:uM/VFo4s+NLcAt6M7/BeP6W4iEwkD671YX3yWUTB:zmtoLcAt6+4PLEwkG7hWa

Malware Config

Targets

    • Target: Leonardo_Al/LeonardoAl_Setup.exe
    • Size: 31KB
    • MD5: 3e71ed46603b02a94b921411a19b7a5c
    • SHA1: b1374ef6717635d07015d8acb700cf95b2a66b12
    • SHA256: 1131f33552a12921f6f4d7d9e503feae4b12c367d5377e226acf270f6b58ca6e
    • SHA512: 28555a8bf20e4f8d42b21685c06e429bc5261f75e9fb65b970a322907d7da4a4ee7d367f4637ea4abb6ef32fae8e71a9d92b4f253a201e94548d68281edccbaf
    • SSDEEP: 384:e8Kj/M8yEryzqEt7a9Oey+IFdP64VYaEwDtiBgxoxlnLr2STcEICxXBhgBx4eMDa:eDD1r+VWOV+csoHViBBn+EFIqeMDGvaS
    • Score: 10/10
    • Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Target: Leonardo_Al/Update_Leo.inf
    • Size: 130.0MB
    • MD5: f158d3387c6e2cb1b482f7b7abee7e20
    • SHA1: 9aadedb8049339dd027a45bc733caa1f6f3dc7a9
    • SHA256: c052369f476b624913e8aec1a3ba729d30b5d5f145c4c5c58d64f7d09cfa54b5
    • SHA512: 93e92533c93d966007eaf6fb35772e362326eb8bd321f1db28cfa98943277589a393081157a8832f162776127eb91974e3f93a2ea3475e936db1f228973bc40e
    • SSDEEP: 3145728:96lH+byk0ZggBznCh2HCea5bQ92NmDVr9XqnZGWp:
    • Score: 1/10
    • Target: Leonardo_Al/g2m.dll
    • Size: 130.0MB
    • MD5: 0722be7f0411d54e95107a11836c6e03
    • SHA1: b39f9247119b18fc9c846f73c810f426015b964b
    • SHA256: 8814bdaaf5c686485ef864c25e2524e662dcfc37a393b0d8faa8d74a556df4b3
    • SHA512: 0116217df19b9cc76c0301a7838fb08221a71696d9dc4c82895faae67d8495bd63b4b61d2fa0c8a3a76311faac3d85f2a95b16c8a47ade3e428102769323d13b
    • SSDEEP: 786432:fUP7GCGO7b0Srkx/tC0SzIdSwh/WxbpNHQD3trzRp:fUP7GCG64Srkx1hSzYsHQD3t/R
    • Score: 10/10
    • Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
    • Suspicious use of NtCreateUserProcessOtherParentProcess

MITRE ATT&CK Enterprise v15

Tasks