General

  • Target

    DOC527 - 527527.lnk.lnk

  • Size

    9KB

  • Sample

    240405-kww2aagd68

  • MD5

    8f67aaa7b8bf4df78de954a16bcf67ca

  • SHA1

    2cedea1467518ab950820767b6f546344d228305

  • SHA256

    b8a5cb1a0bc2ddd5b12f29781391ce38806b8dd0af28a0612d71a58063250ae8

  • SHA512

    09519377b6dbedb528e4c96342b4c28ad71e2a286bb61866daea52d8a657969e4d53685cc14e122e8f3eb24e9ca5e0da6d77b2786d502b1b9a056c7154e83934

  • SSDEEP

    192:8z55hm3MSBf6OY1tvnT1wEuz4+nCWLFf3m/9h0yAE7oxMdPDTJvs3DoTNxHJ6:u5vcMS5otvnT1w7p9WIBE7UkpoyHJ6

Score
10/10

Malware Config

Targets

    • Target

      DOC527 - 527527.lnk.lnk

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

MITRE ATT&CK Enterprise v15

Tasks