General
Target: Black Myth Wukong 64-bit.rar
Size: 6.4MB
Sample: 240406-htl27adg53
MD5: 6d11ec2f82d8385be4da159049468f23
SHA1: b9e6e2f325025b2809bc9eb3c1b273907b3ad9b5
SHA256: 65b855d60a8f2583ad7f4ec3cd406ef598d71e6f32e67006bde3aa7061bb6798
SHA512: f667869e9cf41512f653747c04b068f59e4f47dfed831eaf738ad6e842a2687c234aeef224e4c8d182f6f7b0cf40b40b9395ea3ee56c95af071f145b11be766d
SSDEEP: 196608:+PCa0yl4BoBI+frVa8zJNSEMLooUIT+r8+Zrcta4ud:+65yKiB7bFAEMpT+Xrsaf
Behavioral tasks
behavioral1: Sample: Black Myth Wukong 64-bit.rar, Resource: win10v2004-20240226-en
behavioral2: Sample: Black Myth Wukong 64-bit.rar, Resource: win11-20240221-en
behavioral3: Sample: Black Myth Wukong 64-bit.exe, Resource: win10v2004-20240226-en
behavioral4: Sample: Black Myth Wukong 64-bit.exe, Resource: win11-20240221-en
behavioral5: Sample: BSR.pyc, Resource: win10v2004-20240226-en
behavioral6: Sample: BSR.pyc, Resource: win11-20240221-en
Malware Config
Targets

Target: Black Myth Wukong 64-bit.rar
Size: 6.4MB
MD5: 6d11ec2f82d8385be4da159049468f23
SHA1: b9e6e2f325025b2809bc9eb3c1b273907b3ad9b5
SHA256: 65b855d60a8f2583ad7f4ec3cd406ef598d71e6f32e67006bde3aa7061bb6798
SHA512: f667869e9cf41512f653747c04b068f59e4f47dfed831eaf738ad6e842a2687c234aeef224e4c8d182f6f7b0cf40b40b9395ea3ee56c95af071f145b11be766d
SSDEEP: 196608:+PCa0yl4BoBI+frVa8zJNSEMLooUIT+r8+Zrcta4ud:+65yKiB7bFAEMpT+Xrsaf
Score: 7/10
Signatures:
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL

Target: Black Myth Wukong 64-bit.exe
Size: 6.6MB
MD5: be9c01d1b46fd869e93187e1b65eb820
SHA1: fe8f3b6e69af45663a8fd908a915d772aa388f83
SHA256: 38ba384cdb7c9cfc9c6ab60138b1b62dc465fb60e5abab17500249b39827f124
SHA512: 9489f74f0259b603fc3110a55ddddf1a0ccfb97dabec685ebf557d0a5dacc1ae00fb9a374c763327794760e7fba4323f0f4ef319cf1af94a4b5acf2042270308
SSDEEP: 196608:phZXfdfhMWOHXGjAcMIaITlkruDOT6icm+OAAkjKW8p:X+L3bjImruaT6iBm
Score: 10/10
Signatures:
Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
Suspicious use of NtCreateUserProcessOtherParentProcess
Loads dropped DLL

Target: BSR.pyc
Size: 10.5MB
MD5: 7a0e5fbbbaf82bbf0be66c5761dfbe7c
SHA1: b837618235d17c2fee6a02f0d3eadedc8d25d549
SHA256: ee4cac072df122d13ec3dfbdb1fe276a9d0193fec3b6552088eead067e36cca8
SHA512: 644e36d6e7d043386c78aca405dcd208d283525743cb3509c1e292875ec877e32cee792aacc107ddee1b11dcfa480319299e084d3150bb169a63a24cef4003bb
SSDEEP: 24:SfLFtLyxnSanyXUSanyXndzmiCCHBSanyHcXRSany+SanykSanyMo3SanyS9wSau:SfL72iCDkRZW7PvWWbrs8r
Score: 3/10