General

  • Target: 6391-BST-SH.zip
  • Size: 21KB
  • Sample: 240405-jk4fjsfb53
  • MD5: 4dac87af2e8f015250cacab02bfa9816
  • SHA1: 4f34502d38002b179d9e9719194eaace2c873c4e
  • SHA256: 31bf95ff1e9fc8d0a1787c473e12a1448e7c34ea586e4c4ee5f68ab5d15ac594
  • SHA512: 7e0f3bded8eed34427de11aca494d393ce706493e9da8fabbb98ea6152f18021cfab62050e4c174c35992a4eb8dc259d3009311973d76823a1b695e77904f503
  • SSDEEP: 384:2GxqjjlMedK+ZbV47FSUe7wKqBA7oAHxL3C6/cEWlacEhZXEyEdf2:2jwObSAUvKqBA3HxL3z/Dc8XEyEc

Score: 10/10

Malware Config

Targets

    • Target: 6391-BST-SH.lnk
    • Size: 11KB
    • MD5: adf7c3664cea2c5ea0b0bed6092f782d
    • SHA1: 19d4c09d6a55b327fe7853da16ef259ccbb39635
    • SHA256: ab77586e8f74d90236f06107b0cd965c7a2d78cc978c56ccf047e17bcefb8d46
    • SHA512: f94c74b4b0dc049059c651e8b68a2b5b73f080c41bd9b2d7aa017010ecc9c6dcd8cb02508643ca54e6a0c07fa9294ad99d5bf5b242be4f5cbb01af13ce3e330f
    • SSDEEP: 192:8z54h/WKdqhSsL4QuOdU4vAOtV01NUzfmQLZbicaNO6aBhOiHm6vepsM77+F/dK:u5c/5LQTKMt6UzfmQdbi/w6MhO1GelOq

    Score: 10/10

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

MITRE ATT&CK Enterprise v15

Tasks