General

  • Target: MidjourneyAI.zip
  • Size: 173.5MB
  • Sample: 240407-gqh1pafa88
  • MD5: e71663fa39412619bc922ba9cb868408
  • SHA1: ef340f4350eba1c2110670e9f41af6389745003a
  • SHA256: 11f59fa34a25b45456caa66b094c4b42e928a74fba02ccb3e6216516737c6294
  • SHA512: d09de4324c7502e479ca9ee4bd8764aada87246f23e5ec881b0729fc015e397870d327ba1aeab774d97eaf99f48dc27d58f1e2176221c666336de267c7fb7242
  • SSDEEP: 3145728:lQTkP8SJPSc27/qg144azcxD9Auw09zR2VBpLJbdXYKeDcF91TU:OTg5Sc2sz4D8a0DpLddX3HTU

Malware Config

Targets

    • Target: MidjourneyAI-Setup.exe
    • Size: 113KB
    • MD5: e354a416c9929fc647f08765ac15478a
    • SHA1: 91cd09e43c52aad7d39f3b1ff9f79387a03c2d90
    • SHA256: a8a09d4e1ddbe4de188100b285a53b53b10677e4fbc93014e07211cdaf532e7b
    • SHA512: 3df99c87a063467563d976ab158da704ed63a1f4bb6d0e470b5597b5bdf56c573d46bc92d04d64cdf2dc004e7c421dec9fc9c91be2dd90e2408afa3bfbc6494b
    • SSDEEP: 1536:54OQUJJsxmzBalcFg93Kh2+g/KbkDVUM8r9cKHvZs8jcdEcgVu95Vc/wsrP3/pB:iUkWBEcSFKh+DinzEEcgVubVc/wsbvf
    • Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Adds Run key to start application
    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Target: d3dx9_43.dll
    • Size: 220.0MB
    • MD5: 5e32f5e1cbfb84809d22993d095e4901
    • SHA1: 816c6c3c9f7a4ea07027fbf3ced913e0923a4ceb
    • SHA256: 3b91bef8c1d647cf36aa666b25cc719303f175fe7eb4d6bd52946a96be447d89
    • SHA512: 516de86e08181f8c7d74c7dac4529e1d88b976016ee7f71d9263c97a4a654f2e3b61f4c676f9898676f253457549a4d871d6cddc07f1469a7fb7f911dd412c1c
    • SSDEEP: 49152:Z566l2u45ONYFrz31Cv3D29kd6kj2UQiI:Z566l2u45ONYFrkvz29kdJj0
    • Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Adds Run key to start application
    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks