Resubmissions

06-04-2024 04:05

240406-enx1qaac21 10

06-04-2024 03:12

240406-dqergshf7w 10

General

  • Target

    DOC4310 - 43104310.zip

  • Size

    32KB

  • Sample

    240406-enx1qaac21

  • MD5

    b23df7cb39c50fd1568a10a5dea1f17c

  • SHA1

    f984a8ef72d8a3667308163380181958a5e48208

  • SHA256

    3fe025beaa778b6836eecc2fa30231e301dd747b2f0a33e417be3df24803c05f

  • SHA512

    405963f1cf79a2d3a5fd0445b8ce0fc3daf2960d8ef4928bfc1d169ba7b52c31bb5d18a523105341f69109593ffd3024d937eebfb74977cc92be4a61260f900a

  • SSDEEP

    768:GdP+jO+8mIcr+HIO9xli/ZpkF5AkIEwdXNp5FH9VVatc+O:GdPskcYIO76ZOPAkWhN/FdfQcP

Score
10/10

Malware Config

Targets

    • Target

      DOC4310 - 43104310.lnk

    • Size

      15KB

    • MD5

      74edbb3c3ba2d85fb544748b197c00c9

    • SHA1

      67d96de0f7af7ecee4b87e41970b093e174a1806

    • SHA256

      bb530d072743d54a2cd400181b1e80f08986360f7f55786d1438bffd00041569

    • SHA512

      d99b1ded96a7ea11c4882d9d552e2c3adccf5b098a75b27cfa48a679610e0f6df0e79d218dc4e9c01d683848daec332035328d8df4bf8351ab790093ea6c88a9

    • SSDEEP

      384:u533+MS5VoOiGrqndFQTlW7hMBoH4QbvDbhaFOVSRnZTTL0zW/i:yOMSToOiLFQJ+UoH4QbfhGRnxv0i/i

    Score
    10/10
    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v15

Tasks