General

  • Target: 634197365295ceae7104357b3f573487.bin
  • Size: 15KB
  • Sample: 240407-brszdshe92
  • MD5: b59e3e93d617c35f99413807237bbb4f
  • SHA1: 1762adf2c6bfdca4001b3115cc54bc711b2bc0ea
  • SHA256: d7b616057f0338ca641205055c3902f032194816bac81bf4cdccdb77c34e0bd0
  • SHA512: 1240a9c25b15d221b9bfac68fd45d43e32de0a4a1a602f244aaaa345352ab50d4225adc86c2709b1c0c530365c8656a88b712ddffe766fbe762e876e7dcf5caa
  • SSDEEP: 384:Je4Aj+zoBNgVJ6W9DjMkMpyerknBmVNtLsM9/2gzgRdSy:JbAMSmMkMserknBmVTs2VzgnSy

Score: 10/10

Malware Config

Targets

    • Target: 6d54dda9e14d5c38bea8f1b336e9e0eaa856c5d876b64d5e01d325dfcd066762.lnk
    • Size: 15KB
    • MD5: 634197365295ceae7104357b3f573487
    • SHA1: 86bbbc78b677f083a29d4586b940ec8b8569181a
    • SHA256: 6d54dda9e14d5c38bea8f1b336e9e0eaa856c5d876b64d5e01d325dfcd066762
    • SHA512: 9f4d4d57f5735396dbd744936fd15aa4a8611dde1ded2346d04db4779a80f060f14869772a80611a71c677018eb2875bfef7851d7ed42ad3d18a7398509961c0
    • SSDEEP: 384:u53cVMS5zx83Rpzta94tkfmNOJpyb8mgECY3A2IRRDVk8aR:XVMS9ml89+ZNOJp4+xnfRRDu8e

    Score: 10/10

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

MITRE ATT&CK Enterprise v15

Tasks