General

  • Target

    d3dx9_43.dll

  • Size

    220.0MB

  • Sample

    240407-gr3fqafb42

  • MD5

    5e32f5e1cbfb84809d22993d095e4901

  • SHA1

    816c6c3c9f7a4ea07027fbf3ced913e0923a4ceb

  • SHA256

    3b91bef8c1d647cf36aa666b25cc719303f175fe7eb4d6bd52946a96be447d89

  • SHA512

    516de86e08181f8c7d74c7dac4529e1d88b976016ee7f71d9263c97a4a654f2e3b61f4c676f9898676f253457549a4d871d6cddc07f1469a7fb7f911dd412c1c

  • SSDEEP

    49152:Z566l2u45ONYFrz31Cv3D29kd6kj2UQiI:Z566l2u45ONYFrkvz29kdJj0
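
The indicators above are only useful if they can be matched against a file on disk. The following script is an added example, not part of the sandbox report: it streams a file through MD5/SHA1/SHA256/SHA512 (so a 220 MB sample is not read into memory at once), compares the result with the digests listed above, and flags the size. The 8 MB "plausible size" threshold is an assumption chosen for this example; the report only states that this copy of d3dx9_43.dll is 220.0 MB, which is far larger than any DirectX helper DLL, and oversized files are a known trick for staying above AV and sandbox upload limits.

```python
"""Match a file against the hashes listed in the report and flag oversized samples.

Added example; the digests and size below are copied from the report above,
the size threshold is an assumption made for this example.
"""
import hashlib
import sys

HASH_NAMES = ("md5", "sha1", "sha256", "sha512")

# Indicators copied from the report's General section.
SAMPLE_IOCS = {
    "name": "d3dx9_43.dll",
    "size_bytes": int(220.0 * 1024 * 1024),  # report lists 220.0MB (rounded)
    "md5": "5e32f5e1cbfb84809d22993d095e4901",
    "sha1": "816c6c3c9f7a4ea07027fbf3ced913e0923a4ceb",
    "sha256": "3b91bef8c1d647cf36aa666b25cc719303f175fe7eb4d6bd52946a96be447d89",
    "sha512": "516de86e08181f8c7d74c7dac4529e1d88b976016ee7f71d9263c97a4a654f2e"
              "3b61f4c676f9898676f253457549a4d871d6cddc07f1469a7fb7f911dd412c1c",
}


def _digest_stream(chunks):
    """Feed every chunk to all four hash objects in one pass and count bytes."""
    digests = {name: hashlib.new(name) for name in HASH_NAMES}
    size = 0
    for chunk in chunks:
        size += len(chunk)
        for d in digests.values():
            d.update(chunk)
    out = {name: d.hexdigest() for name, d in digests.items()}
    out["size_bytes"] = size
    return out


def hash_bytes(data):
    """Digests and size of an in-memory buffer (handy for tests and small blobs)."""
    return _digest_stream([data])


def hash_file(path, chunk_size=1 << 20):
    """Digests and size of a file, read in 1 MiB chunks so large samples stream."""
    with open(path, "rb") as fh:
        return _digest_stream(iter(lambda: fh.read(chunk_size), b""))


def match_iocs(observed, iocs=SAMPLE_IOCS):
    """Names of the digests that equal the report's indicators.

    A single matching SHA-256 or SHA-512 is a positive identification; MD5 and
    SHA-1 are kept because many threat feeds are still keyed on them.
    """
    return [name for name in HASH_NAMES if observed.get(name) == iocs[name]]


def size_anomaly(observed, max_plausible=8 * 1024 * 1024):
    """True when the file is far larger than a plausible helper DLL.

    The 8 MiB threshold is an assumption for this example; the report's
    220 MB value exceeds it by an order of magnitude.
    """
    return observed["size_bytes"] > max_plausible


if __name__ == "__main__":
    for path in sys.argv[1:]:
        obs = hash_file(path)
        print(path, "matches:", ", ".join(match_iocs(obs)) or "none",
              "| oversized:", size_anomaly(obs))
```

Run it as `python ioc_check.py <file>`; a hit on any digest name identifies the sample, and `oversized: True` on a file that claims to be a system DLL is worth a second look even when no hash matches.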

Malware Config

Targets

    • Target

      d3dx9_43.dll

    • Size

      220.0MB

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first observed in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

      A process was created through NtCreateUserProcess with a parent-process attribute naming a process other than the caller, so the child appears under a parent that did not launch it (parent PID spoofing, ATT&CK T1134.004).

    • Adds Run key to start application

      A value was written under a CurrentVersion\Run key so the payload is started again at the next logon (Registry Run Keys, ATT&CK T1547.001).

    • Suspicious use of NtCreateThreadExHideFromDebugger

      A thread was created through NtCreateThreadEx with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER, which stops the kernel from delivering debug events for that thread (Debugger Evasion, ATT&CK T1622).
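
Of the three behaviours above, the Run key write is the one that leaves a clean host-telemetry trail. The script below is an added example, not part of the report or of the sandbox's own signature logic: it walks Sysmon-style registry events (Event ID 13, value set), keeps those that touch a Run or RunOnce key, and raises confidence when the autostart target or the writing process lives under a user-writable path or the value relies on a built-in launcher such as rundll32. The events in SAMPLE_EVENTS are constructed for this example and are not telemetry from the analysed sample.

```python
"""Hunt Run-key persistence in Sysmon registry events (Event ID 13).

Added example; SAMPLE_EVENTS below are constructed, not real telemetry.
"""
import re

# Value writes directly under ...\CurrentVersion\Run\ or ...\RunOnce\.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)

# Paths an installer rarely uses for an autostart target, but dropped malware usually does.
USER_WRITABLE_RE = re.compile(
    r"\\AppData\\(Local|Roaming)\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\|\\Downloads\\",
    re.IGNORECASE)

# Signed system binaries commonly used to launch a DLL or script from a Run value.
LOLBIN_RE = re.compile(
    r"\b(rundll32|regsvr32|mshta|wscript|cscript|powershell)(\.exe)?\b", re.IGNORECASE)

# Constructed Sysmon-like events for this example (assumed field names follow Sysmon).
SAMPLE_EVENTS = [
    {"EventID": 13, "UtcTime": "2024-04-07 09:10:01.000",
     "Image": r"C:\Program Files\Vendor\Setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r'"C:\Program Files\Vendor\Tray.exe"'},
    {"EventID": 13, "UtcTime": "2024-04-07 09:12:44.000",
     "Image": r"C:\Users\bob\AppData\Roaming\Updater\svc.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"rundll32.exe C:\Users\bob\AppData\Roaming\Updater\d3dx9_43.dll,Start"},
    {"EventID": 13, "UtcTime": "2024-04-07 09:13:02.000",
     "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\Foo\Start",
     "Details": "DWORD (0x00000002)"},
    {"EventID": 1, "UtcTime": "2024-04-07 09:13:05.000",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
]


def score_event(ev):
    """Return a finding for a Run/RunOnce value write, or None for anything else.

    'reasons' lists the heuristics that fired; an empty list means the write
    looked like ordinary installer behaviour.
    """
    if ev.get("EventID") != 13:
        return None
    target = ev.get("TargetObject", "")
    if not RUN_KEY_RE.search(target):
        return None
    details = ev.get("Details", "")
    reasons = []
    if USER_WRITABLE_RE.search(details):
        reasons.append("autostart target under a user-writable path")
    if LOLBIN_RE.search(details):
        reasons.append("value uses a system launcher (rundll32/regsvr32/...)")
    if USER_WRITABLE_RE.search(ev.get("Image", "")):
        reasons.append("writing process runs from a user-writable path")
    return {
        "time": ev.get("UtcTime"),
        "writer": ev.get("Image"),
        "value": target.rsplit("\\", 1)[-1],
        "target": details,
        "reasons": reasons,
    }


def hunt(events):
    """All Run-key writes in the stream, in event order."""
    return [f for f in (score_event(ev) for ev in events) if f is not None]


def high_confidence(events):
    """Only the writes where at least one suspicion heuristic fired."""
    return [f for f in hunt(events) if f["reasons"]]


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        level = "ALERT" if f["reasons"] else "info"
        print(f"[{level}] {f['time']} {f['value']} -> {f['target']}")
        for r in f["reasons"]:
            print("        -", r)
```

Every Run-key write is worth recording (the low-confidence list is useful for baselining), while the high-confidence list is what should page an analyst. The other two signatures do not show up this way: Sysmon reports the spoofed parent for a PPID-spoofed process, and the hide-from-debugger thread flag is only visible from inside the process or through API monitoring, which is why a sandbox reports them rather than an endpoint log.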

MITRE ATT&CK Enterprise v15

Tasks