General

  • Target

    Installer.GitHub.rar

  • Size

    27.8MB

  • Sample

    240404-n8ngfsef2y

  • MD5

    73206a3de981facc823c8b2f5d4020f5

  • SHA1

    1c77e01ed3267fba9c5e78e464a8b6bef357de9f

  • SHA256

    1135081bde2464c28692eb7704cb4b286a6045f014e7b083824b2d72dd7dc3ba

  • SHA512

    ba896440dae788d2af58c49eb102dbe3be21981904da1cb5af89b0be46fb11d290d2d5becba580fc802c0dee9b3892d3615367f83fd43a019c177a00ba5ef193

  • SSDEEP

    786432:ZqwADv5R+EfQVGqHko+ZbpcMFox8BKwIDgUYpM7:EDhHfQo2V+ZbpcUocIDgc7

Score
10/10

Malware Config

Targets

    • Target

      Installer [GitHub]/Installer.exe

    • Size

      14.2MB

    • MD5

      f260a38751672bd868e84e233f6f49a4

    • SHA1

      df6e8f4c879dc233f1e87167acc93515067e798e

    • SHA256

      fecc2aade7b803fa1488f26b99e73af933887c6030a755b4a28120842a249ad8

    • SHA512

      d4eb124a2952eeabb3c9400a0b1e3425e9095578eb1f64969da3bb92d078596f5cf2cc827272a9b49f445d3e85d2b8446c8c6c05058d4bd2fe88868db67ba3dc

    • SSDEEP

      196608:n9NuQ8xSTrf3sU99dI/Jsv6tWKFdu9CrpXJV:n9gQbdI/Jsv6tWKFdu9C9XJ

    Score
    10/10

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target

      Installer [GitHub]/libs/xmlfilter.dll

    • Size

      68KB

    • MD5

      c425a6a14882f562897554e5359a7d19

    • SHA1

      7b7731b1dcceb922e7ce876b745222cf78cd0ef0

    • SHA256

      8805e23a3cefe35000b875fcfcd5f5df6afdc02c4ee34f1e42747f00f0020286

    • SHA512

      85071148747bad73c6d78baa492912e4247cb31912fd70d5dc88daa1254fd9c901fffec082bd8e74c0074b68b5030c4b901cc280c31f5471832a0ca96faa4817

    • SSDEEP

      1536:JyYA0gBASnGUWcuL+Lr9gpLka88aE86UnpsaxL5Kg/S1dYfiMWgBvqHNZW/H:ww66ce+Pxa88aVpnpsaxT/M0RBiHL+

    Score
    1/10

    • Target

      Installer [GitHub]/libs/xmllite.dll

    • Size

      210KB

    • MD5

      edd4ab0b9754ddaeba5b1eba5bfb7d49

    • SHA1

      d9b3af28c0dd54260ec2995e1610568dbb23c48e

    • SHA256

      1c504b90689a1d12ab8b571edc6189b085502d1794fcdc890897df4729399a5f

    • SHA512

      433a21bfa962fbdab0fc6c04786307e83715a6c41c5e502b80e2ea0d795fcfe2555295914be51714d952454a9eaaf890804dbe4de40cec49cea82afc198b6b15

    • SSDEEP

      3072:zwd5q7UxjvwCG4W27p5GLg21H3wIkmQ7hnZJgYRxFOyrlXkWcdhZdWrilTP3wf:zwPqYxMCG4rp4k21gnDhnZJgYflqZZ

    Score
    1/10

    • Target

      Installer [GitHub]/libs/xmlprovi.dll

    • Size

      21KB

    • MD5

      8c7b1fdb3a0934e47e920650265be5b6

    • SHA1

      ef63dbacac852838bb6bf42b036ce97e33c81551

    • SHA256

      1e5a01359a4be89d3aaf200aa0f305a610032286c2f3915e2a1d22a7a0e64414

    • SHA512

      60e9af6513ee410f7cccd9cd7d85e783e8415fa24a7c25aac48f2c13e052305b412c88e49267f64926a55712a2d703bafd9ee0d4350f45dcd724f23d1052400b

    • SSDEEP

      384:EavgugK3UZZ/VfvBEZBwEZc5ezkZhFZ5jHUMpoFZdWdVWF6Wb:9gKGceE8ZNHUrHWdM

    Score
    1/10

    • Target

      Installer [GitHub]/libs/xolehlp.dll

    • Size

      65KB

    • MD5

      51a4ef51d76192f1e67e846c38302a05

    • SHA1

      00d1e3531c1200409645be7d049b03933b7482dd

    • SHA256

      46406c76972e39f75e810edd2159393061b99e510e138a9b9e4478c69b04e5e8

    • SHA512

      4654488daede5aecedb20052c8d7515fc3a1b33549950c4c30724bab068476356ea675eaf3d91a839d55f73723a2dca65bfb04e79b2ae5598c9e4b21dc619570

    • SSDEEP

      1536:ibM8goQQ2xVB4MEh7TfUSTbqYZHbhR9+R:XNV/B4hF8SKYZ779+R

    Score
    1/10

    • Target

      Installer [GitHub]/x64/3 - Copy.dll

    • Size

      3.8MB

    • MD5

      7a928c77b433462246a9fba8fe0f2cc8

    • SHA1

      7b424a55a6276a8c0112cb94bb4c1bf0f45ca8d1

    • SHA256

      4bafdd9d0587bdc8bac5c5c510f863592a80b80a39bc4f5e5d1741f0b3fe9505

    • SHA512

      47bae60ca35527ad749f4f5444cb1c3d3bbc9e6ba4c4e62f0c5c45c32d461d43fd0989869d99c1d310ca09463fe2ca91eb31f59746930f1dd0deb96678265ec7

    • SSDEEP

      6144:n8K3IMDr6S9RsSXEcA5X96K7Rdh65YmFZ7C4:N3IMnF9749h7rh65YmX

    Score
    1/10

    • Target

      Installer [GitHub]/x64/3.dll

    • Size

      3.8MB

    • MD5

      7a928c77b433462246a9fba8fe0f2cc8

    • SHA1

      7b424a55a6276a8c0112cb94bb4c1bf0f45ca8d1

    • SHA256

      4bafdd9d0587bdc8bac5c5c510f863592a80b80a39bc4f5e5d1741f0b3fe9505

    • SHA512

      47bae60ca35527ad749f4f5444cb1c3d3bbc9e6ba4c4e62f0c5c45c32d461d43fd0989869d99c1d310ca09463fe2ca91eb31f59746930f1dd0deb96678265ec7

    • SSDEEP

      6144:n8K3IMDr6S9RsSXEcA5X96K7Rdh65YmFZ7C4:N3IMnF9749h7rh65YmX

    Score
    1/10

    • Target

      Installer [GitHub]/x64/BluetoothDesktopHandlers - Copy.dll

    • Size

      65KB

    • MD5

      952aa76096c1dc82042f01cc5e96fc0e

    • SHA1

      67cb8fa462b5e83a8ad684b64ad71ac4677c6506

    • SHA256

      1e5f06b73827882ad2fed548983d381656fb393f9c0fdff2c5df44f80ebcf5d5

    • SHA512

      fc9f2367db71d81464f781cf4089066b89ac604abcee4b88a2cc0678c3175fd81dd71b1bbfc31003d6d72a90fb8a262b83f0e0d12dd72c2f809f2afd3439f490

    • SSDEEP

      1536:bmGwFKVlhW4ViB0fUsCwrHvw/+C3ypoi4CRzJ:9G+180fUsCwrHvY+xoi4Md

    Score
    1/10

    • Target

      Installer [GitHub]/x64/BluetoothDesktopHandlers.dll

    • Size

      65KB

    • MD5

      952aa76096c1dc82042f01cc5e96fc0e

    • SHA1

      67cb8fa462b5e83a8ad684b64ad71ac4677c6506

    • SHA256

      1e5f06b73827882ad2fed548983d381656fb393f9c0fdff2c5df44f80ebcf5d5

    • SHA512

      fc9f2367db71d81464f781cf4089066b89ac604abcee4b88a2cc0678c3175fd81dd71b1bbfc31003d6d72a90fb8a262b83f0e0d12dd72c2f809f2afd3439f490

    • SSDEEP

      1536:bmGwFKVlhW4ViB0fUsCwrHvw/+C3ypoi4CRzJ:9G+180fUsCwrHvY+xoi4Md

    Score
    1/10

    • Target

      Installer [GitHub]/x64/WinFax.dll

    • Size

      31KB

    • MD5

      ef7dd233e411f00eb1cac11886a175d2

    • SHA1

      4f52a7209ec0d5663161f35cd78a017024dad7b9

    • SHA256

      6e97eb7fd16873a59801572f56d49cebe8bac92ae0518b7ab38c3a503a44f9bf

    • SHA512

      8c67cef635fa77c0030fd19f81fd251d95d048fc28ea38276849de4edae6a21859a35541962e4d60c133e5b67c96700d5c9f96e10104de9da79f32e4b57a4cb1

    • SSDEEP

      384:A1r52zLq4A2cfRgZEWvF+yiTQ6deV2JkVv4iNdPbqmbSevdAzaXowK/DFMvdoevL:eVGA2cZgZcA0Al9qmbS0vKKVo9l+2

    Score
    1/10

    • Target

      Installer [GitHub]/x64/WinMsoIrmProtector.dll

    • Size

      86KB

    • MD5

      357d11de4ebea152cba3d41c21e6e9dc

    • SHA1

      6a81c9f67b88273d5409c066ac9135bc939285d1

    • SHA256

      acf5adc1b54d053112c7ee608bf9b16da156f6d6cb0662ea4dee03ddd1eeb48f

    • SHA512

      60eeb506e5f59b3df0b080154eee2967783ba65a450c8c60411c2f75345525ea76ed4c8db0cf73bd201e745f42142d56ae44c9ae1a60a543db8ecd3f00284432

    • SSDEEP

      1536:ELQ/LEwTjLLZaCjqaPO3F12ETSmBdOpD+fOTexRy9nVEAIcAuG:ELVwTIshPy12EWrpD+fOysn6AI

    Score
    1/10

    • Target

      Installer [GitHub]/x64/WinOpcIrmProtector.dll

    • Size

      80KB

    • MD5

      ce1e1af04a4f8d66ff189bddda78fa3e

    • SHA1

      894a87c5148a668b091da0dc9a62ab69365c2f5c

    • SHA256

      eea171d5feee7f086c111cd8fc2e9cb315f8888ce5d6cbe42f5451f436b07f5f

    • SHA512

      abb1256fd91671f82544e372ef402b0b70651f94bb9fc1c9ea824ba05ae788079a2de8f515819aa071a91c4b385bbcaf2486e3375ba60e16a9c849eec1e70795

    • SSDEEP

      1536:CRdeDqhiLLl2EgJjrxDrw3bXLJzzd+6O2gvz8nRCsGAAuG:CRdeDqEoRhrxDrw3bbJvd+6OvvgnksG

    Score
    1/10

    • Target

      Installer [GitHub]/x64/WindowsInternal.Shell.CompUiActivation.dll

    • Size

      75KB

    • MD5

      58502071eb61854628d945e5cda888e4

    • SHA1

      15ad65a2642fa6a2d0d58bfd1d9be7a738700eec

    • SHA256

      6572b3dd50cc115e7d93bf640963684d157e1b456d8e8686f19e6b4e025dc684

    • SHA512

      3a9ae341c82d326c813bddacfc1d3671789b5e743746dc6bc22d8885c8119c8513ba8dde48ba1bcbff62c7addd939195cd49cc4e0003d11ca9b640e9a5ab05de

    • SSDEEP

      1536:FeK8LVl5ZxB9xaUPF8MyppVz9XYpJ923hbPit+lCRDRUwl:QdZxBqUNUXVzaCi4CR3l

    Score
    1/10

    • Target

      Installer [GitHub]/x64/WindowsIoTCsp.dll

    • Size

      22KB

    • MD5

      81929b5985592e83518a5c4d38494144

    • SHA1

      0cc5a36e80cb77c53c566f9b9685147f479ecff2

    • SHA256

      e0f9586d626dcb4a980cd32d42b44f1f0911ad222134adf629b1032f65ddc3f7

    • SHA512

      da1b2c236e94bcf4314f55af14bf1d5a377a29152b94c7cad8aa5938d5a97dbf5e3398852d9fdc5eb105fffa28465fe591022b75fbfecb99c7124a2683a15139

    • SSDEEP

      384:pPkroTrfMzJtlRUHOgoeemTokQTavniZsAxWOQoas/RTBQEB90xjKaSWcUW1:KYrOklZ/vIWOQFu1vB90dl4

    Score
    1/10

    • Target

      Installer [GitHub]/x64/WindowsManagementServiceWinRt.ProxyStub.dll

    • Size

      82KB

    • MD5

      3374f3da3a18649391b883f1f6a880e5

    • SHA1

      c0e93d451160c2c5232b3b912dc4afd97dd19d80

    • SHA256

      8365e7f061efeb4f62edec2abeb05fda67fded065ec2bdb900b25ab937181646

    • SHA512

      2330429d813f29522ac034cecd3c65a678464c3a12d560ebdaace08957ae486ee080f9863cbe81f894eed7f7fe8796009f338bd474b84aa984e197d41c7e8f07

    • SSDEEP

      1536:jSZ1rGsiTvdIcF/IeLapK7uSV7fDKzLsP+J+zurC:jS7OLap1SZr8sx/

    Score
    1/10

    • Target

      Installer [GitHub]/x64/WindowsUpdateElevatedInstaller.exe

    • Size

      42KB

    • MD5

      9bfa72e3f5aeb427a3d7d4d6d3be1ebd

    • SHA1

      e8aec40aaee42faec94a747821cc4b7d09147eac

    • SHA256

      e387376538f15a27b9548db7abbc04cae62cce7cbe7bacb1b504f5d082ad83fc

    • SHA512

      d00a6e1318c85d7f0516a56840a6d83fb1488d7d11584b7f468e20b3316a552801214075cf886f8389f3099eadc67df79df71a056be85ad597517997a257d0b4

    • SSDEEP

      768:ZzEjDzLYl6jzw2kJfx+1yBjTJaFbvgNLEJMqeZqTOV:Zoe6jzw2kv+cBIoCZ6qTOV

    Score
    1/10

    • Target

      Installer [GitHub]/x64/blbres - Copy.dll

    • Size

      2KB

    • MD5

      df5a7a6d0383a49eb1a8f92a82b4320e

    • SHA1

      11e09b10ac4ad4ed09c157114feb33e250481032

    • SHA256

      5820801622420d26c8248335a78d76165204ecc3b644319f6a27d5d0ee8ef1bd

    • SHA512

      65f38a20205ff778ff3cd87e04312d7ed584657f7434391a04d6d6fd576cebce14fe448c3bbba1497c15751004c6eb80023583fff035cfc174a14660d45ab57b

    Score
    1/10

    • Target

      Installer [GitHub]/x64/blbres.dll

    • Size

      2KB

    • MD5

      df5a7a6d0383a49eb1a8f92a82b4320e

    • SHA1

      11e09b10ac4ad4ed09c157114feb33e250481032

    • SHA256

      5820801622420d26c8248335a78d76165204ecc3b644319f6a27d5d0ee8ef1bd

    • SHA512

      65f38a20205ff778ff3cd87e04312d7ed584657f7434391a04d6d6fd576cebce14fe448c3bbba1497c15751004c6eb80023583fff035cfc174a14660d45ab57b

    Score
    1/10

    • Target

      Installer [GitHub]/x64/bootux - Copy.dll

    • Size

      3.8MB

    • MD5

      7a928c77b433462246a9fba8fe0f2cc8

    • SHA1

      7b424a55a6276a8c0112cb94bb4c1bf0f45ca8d1

    • SHA256

      4bafdd9d0587bdc8bac5c5c510f863592a80b80a39bc4f5e5d1741f0b3fe9505

    • SHA512

      47bae60ca35527ad749f4f5444cb1c3d3bbc9e6ba4c4e62f0c5c45c32d461d43fd0989869d99c1d310ca09463fe2ca91eb31f59746930f1dd0deb96678265ec7

    • SSDEEP

      6144:n8K3IMDr6S9RsSXEcA5X96K7Rdh65YmFZ7C4:N3IMnF9749h7rh65YmX

    Score
    1/10

    • Target

      Installer [GitHub]/x64/bootux.dll

    • Size

      3.8MB

    • MD5

      7a928c77b433462246a9fba8fe0f2cc8

    • SHA1

      7b424a55a6276a8c0112cb94bb4c1bf0f45ca8d1

    • SHA256

      4bafdd9d0587bdc8bac5c5c510f863592a80b80a39bc4f5e5d1741f0b3fe9505

    • SHA512

      47bae60ca35527ad749f4f5444cb1c3d3bbc9e6ba4c4e62f0c5c45c32d461d43fd0989869d99c1d310ca09463fe2ca91eb31f59746930f1dd0deb96678265ec7

    • SSDEEP

      6144:n8K3IMDr6S9RsSXEcA5X96K7Rdh65YmFZ7C4:N3IMnF9749h7rh65YmX

    Score
    1/10

    • Target

      Installer [GitHub]/x64/opengl32 - Copy.dll

    • Size

      36.0MB

    • MD5

      ca1aaaccc6f19ccd74a48eea51c03338

    • SHA1

      c0ca48ab85406b6a98761a212c3e5fde92ada7ec

    • SHA256

      d109ab0e8f7aa6f00992368b72c9a8aa0cf6d1b1563c3ab1caedbdba9c4476ba

    • SHA512

      8bf7382fdc59649a1b44107d4289a8ea898f19c2addb3d5fc87a1c60baa667abac359d084829b552b391456613a0e3273a64d3d2464d780cc1d7d6ef5c204a31

    • SSDEEP

      393216:LoT0RoCZueyqN9LB2xmcR+hcoPwdyzjpECaT0UMPbGLsXT4El/uRKgI9v/2OlJ/I:84vb0GmnI9NX0

    Score
    1/10

    • Target

      Installer [GitHub]/x64/opengl32.dll

    • Size

      36.0MB

    • MD5

      ca1aaaccc6f19ccd74a48eea51c03338

    • SHA1

      c0ca48ab85406b6a98761a212c3e5fde92ada7ec

    • SHA256

      d109ab0e8f7aa6f00992368b72c9a8aa0cf6d1b1563c3ab1caedbdba9c4476ba

    • SHA512

      8bf7382fdc59649a1b44107d4289a8ea898f19c2addb3d5fc87a1c60baa667abac359d084829b552b391456613a0e3273a64d3d2464d780cc1d7d6ef5c204a31

    • SSDEEP

      393216:LoT0RoCZueyqN9LB2xmcR+hcoPwdyzjpECaT0UMPbGLsXT4El/uRKgI9v/2OlJ/I:84vb0GmnI9NX0

    Score
    1/10

    • Target

      Installer [GitHub]/x64/trading_api64 - Copy.dll

    • Size

      282KB

    • MD5

      2bca4e2c047ec969cb3cff277e7fc184

    • SHA1

      c4b5b00b605e59c6fdcb6731f2e53069506e287a

    • SHA256

      f1eb582e607a1e43cdb1654bfb7cb29ad46f6728b3fb89a14f7727e0e8daab69

    • SHA512

      3819178ec650298157b1d67317e0895cb92709b106d0d8525921e341eba5e960f42434e010066bb405f1ba1619adff1a645ede58e16c4b2d88df2c90611a6cb5

    • SSDEEP

      6144:Aa0EKzmilQBrUssevOkHcAxilMrCynC0bcLd1x:B0EZbr3se1SynC9x

    Score
    1/10

    • Target

      Installer [GitHub]/x64/trading_api64.dll

    • Size

      282KB

    • MD5

      2bca4e2c047ec969cb3cff277e7fc184

    • SHA1

      c4b5b00b605e59c6fdcb6731f2e53069506e287a

    • SHA256

      f1eb582e607a1e43cdb1654bfb7cb29ad46f6728b3fb89a14f7727e0e8daab69

    • SHA512

      3819178ec650298157b1d67317e0895cb92709b106d0d8525921e341eba5e960f42434e010066bb405f1ba1619adff1a645ede58e16c4b2d88df2c90611a6cb5

    • SSDEEP

      6144:Aa0EKzmilQBrUssevOkHcAxilMrCynC0bcLd1x:B0EZbr3se1SynC9x

    Score
    1/10

    • Target

      Installer [GitHub]/x64/tradingnetworkingsockets.dll

    • Size

      4.1MB

    • MD5

      3cf26ce759c5e261fe3ecc6451b8b08e

    • SHA1

      b5da110034fe394a4020367404534903764473fe

    • SHA256

      fc4a65ff603bf1f4bfe323de1866145ae1e006aa656799fd134dfa63d92d47c1

    • SHA512

      e7b543483f38bb6338490b5c8f5da6f95e0d78b45f2b26d898cc3b58cf7c359952bfe413414cb6cd1532c3c6fd7a860026b2bec7b6d0ddfbee9a1385a62e14f2

    • SSDEEP

      49152:kGtlqhcIU6ilVwASObX9F+LWDumqrJjAZVT4kmrqEUAYVxkG3q+XRQsmqkALD4z4:M+dl7+8z1mqkA8lv0bH1bBGZZs

    Score
    1/10

    • Target

      Installer [GitHub]/x64/winethc.dll

    • Size

      91KB

    • MD5

      4c000de0827d1290b67241603cf8ecfd

    • SHA1

      be21b2b4ec63d2fb668e3d01d23510e9c4ef162e

    • SHA256

      349f86fa3af355de73093d329de8f19fcc1e215c0ffc5b94f5286fcb50c0ddcf

    • SHA512

      e6edb2ccf1cfce8511ade1a4fce0c8f16eb6066feff31ee028e2c2dabd977264b6887767b65e6199f5efcbae6e52950c390582b7b38cefcf60eaaf34eea43920

    • SSDEEP

      1536:/YNLQQ4D8YuvCLFPQRy5RXUIJHMTqlyAx0oE1/FzeG0KLSAn/EMdhRfuvbW6:ygGoUIhMee/FzeGd7/xh2vbW6

    Score
    1/10

MITRE ATT&CK Matrix

Tasks