General

  • Target: connection1503.zip
  • Size: 12.9MB
  • Sample: 240404-lk8flsbe41
  • MD5: 16da8b84380d4eb1d92096a960a4712b
  • SHA1: f2bba904ae855ef33c089aee7f3e16242b73dc7f
  • SHA256: d671593564859879c1864906762f67c6b90efa92595ba4a0ad243a0a7be25c27
  • SHA512: 8f96e17ac08685c60d1665d11ba434b0e4b0afe7a5ff1dc0bcb9235c348703942829c1ba05133802d603bc7760165e8e67d907a3d1d8fbca941ce78d44451894
  • SSDEEP: 393216:m1q9tet4Da2RozpPcT0CEvCAcuytGbt/Idu5FNr:m1q3eqDIfvquyMI45FNr

Score
10/10

Malware Config

Targets

    • Target: connection1503.exe
    • Size: 43.9MB
    • MD5: 43430554370c916d462360e4f99ce14e
    • SHA1: d8a319a2927bc70008d807f65c0b085424e17fde
    • SHA256: 97ad9ec5accd668882437d7af85ed8c5228fb2f5ceb035ebd15a569eb10ee957
    • SHA512: 38aa7550e1babd193e19967a175c3986daaa7366bcbe621893f6eda2250d80feff63f2c26ffe39d225e9f6186dcfe40e44fb653e25c5419cbbc2dc2f998bd6e1
    • SSDEEP: 196608:vchI3nkY+Za8caFGzCQJ2xo3NDeZfMITDFAi7xz19Adyah/tv:0S3kYckaFgso3ND4VFAQz12dttv

    Score: 10/10

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks