General

  • Target

    DOC692-692692.lnk.zip

  • Size

    26KB

  • Sample

    240405-ntewrsag7y

  • MD5

    d00d0e67c7d35c9a4abebf6de8313e94

  • SHA1

    8647078e528e3cc30726b81c4a44e6f2e76598e2

  • SHA256

    3b9db9baa7abb0f6648f2ee6147486a9432e4c635d47a4b8e0202fb922106aef

  • SHA512

    2c02d59d41d5c67b0f1af1af233f89b92caf8c11adbac2dbd49af0a57315b35ced3a78dcc4ae42e7f7098ceef1acfad086d249aec518b795d8f2747881135a51

  • SSDEEP

    768:un4Uy2i97Q/ZpkF5AkIEwdXNp5FH9VVatc+T:unorVQZOPAkWhN/FdfQc0

Score
10/10

Malware Config

Targets

    • Target

      DOC692 - 692692.lnk

    • Size

      9KB

    • MD5

      a344b567076691b5cd838512c99bc884

    • SHA1

      0de4ad8f9f127c0c444bb7db4459d0977b1f6506

    • SHA256

      decbd662ecab295cb2c060232a6de8218843d671b7cb628aaf769ba4bcdf126f

    • SHA512

      ad6d3fed7647c933c9a23938f7c39a8799d5845cd6a9e1fec6d0a2044c740795d428e89467c4e5b1f8217217f272863438b68e160da312d6ae8498af9688dd98

    • SSDEEP

      192:8z5phm3MSBfQbxE4l2g9FWV4FBno2dzSkbP43O5yrf68g493f61hVNeXkI:u5fcMS5Qb6EouFB3dzBbw3Omf68Zp9XV

    Score
    10/10

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks