Resubmissions

06-04-2024 02:48

240406-dagadaaa78 10

05-04-2024 14:46

240405-r5m83afc49 8

General

  • Target

    DOC1718 - 17181718.zip

  • Size

    25KB

  • Sample

    240406-dagadaaa78

  • MD5

    9953bf374579b92e1ed35b6f03a63e7b

  • SHA1

    fbd5a558ef7e1c530c627d02fa2d3d5bf4d29fa1

  • SHA256

    b735e0755789edf539cff7e83d3f954f6768d246fcdb72d86bc21ef77c747db7

  • SHA512

    4fa94ab36bd341b18b15692ac4e7fffe13fee842ef18b4b630fad38d6df9f5b8e6aaddef4916d051e403357f963259076d1a9dfa307d9a56c315453ed754e468

  • SSDEEP

    768:RrYcYFqPxguKC7o3/ZpkF5AkIEwdXNp5FH9VVatc+E:q0CpZOPAkWhN/FdfQc5

Score: 10/10

Malware Config

Targets

    • Target

      DOC1718 - 17181718.lnk

    • Size

      9KB

    • MD5

      b2f8f92b1a74fcbe95a7a9cd50994785

    • SHA1

      a124648dddeaaef25245643f98df6c50ec693b94

    • SHA256

      ba41a32b699a07b7a0d7871839ef0c86a9eae01a3277c151a24d288919832fff

    • SHA512

      1107e818462ad8f8f9a13f052df590c6a964a6d79aa33fc0fb91eda9ab1b05eaca64bab604834d092d57f232a188b94403125569dee9f0cdb61983a6b7c3f7e6

    • SSDEEP

      192:8z5P5hm3MSBf2TL52FWGkOlRKAaqPVpVIZhVjjpOW234jXAc0y:u53cMS5ZFbkO3KYyftoy

    Score: 10/10
    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v15

Tasks