Overview

overview

10

Static

static

3

DrakeUI.Framework.dll

windows7-x64

1

DrakeUI.Framework.dll

windows10-2004-x64

1

config.dll

windows7-x64

1

config.dll

windows10-2004-x64

1

d3dcompiler_47.dll

windows10-2004-x64

1

iCrack.exe

windows7-x64

10

iCrack.exe

windows10-2004-x64

10

launcher.dll

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    ICracklauncher.zip

  • Size

    16.0MB

  • Sample

    240409-ntsgvshc7y

  • MD5

    7aecfceb53f2c8e3db3acbdf0eaf8505

  • SHA1

    acfa9bc8deb21f5f9e844fc1362af566c56a9650

  • SHA256

    b67042a291ac385fe187641834a55613a4533ed69863ec8d5d50d59274e8609b

  • SHA512

    35607edd8e2ab96a26adbdfc63c2210a6bd9cb6087acd03573e35ab4aa6f541833aad941cc27843ed93e6ab877bdbd2d644d289a53556e7cec33301fbe0cec07

  • SSDEEP

    393216:2j6gAE7PdzD5UHcmPmY7EkJABH9nIyWwZZhG8iNpymeTe+CA/rpQ:2msDdzFU8mPxTJyVIxwZG8CreTenWpQ

Score
10/10
rhadamanthyspersistencepyinstallerstealerupx

Malware Config

Targets

    • Target

      DrakeUI.Framework.dll

    • Size

      1.6MB

    • MD5

      0562b4c97f643306df491a938ae636da

    • SHA1

      0807c37b711374ed4814a9518c9e264517de89a0

    • SHA256

      70e72477f7fe0018e043ce8fe2228a289459058ee41caecd6f05855898bc5b80

    • SHA512

      c969cd274b6bf65a34f1d129b6531616a3485a1f153088609ad2369d380fdec37c3e88a423495912715a26e353dd5498f7f9e73c895e9f3f18fc7d1e65d2ecaf

    • SSDEEP

      24576:nYyUyUxws47SDJ+wfa3ZsacYwzhmT5LOMobxqFFnM9Pv1w+Fus:nYyUyUueD001YwzhmVSMoNqFF

    Score
    1/10
    behavioral1behavioral2

    • Target

      config.dll

    • Size

      191KB

    • MD5

      c070f2421851420e832e4f5989a775a2

    • SHA1

      d6af3c48ffbe0fa1e0e54860836d3bbf374b8b46

    • SHA256

      d54fd6c5903eea49a75d620d4ba232f8effb1863f5f9c974e4ac0a8fb1904131

    • SHA512

      75c3edeb4c16d8e82eedc5595b9c3fde4cbd4a3e9deae1967ad513474920a48e4e9275fdc76f44032b1be570a4ece1a6393c4680af8989f67bcdec039d06798e

    • SSDEEP

      3072:87IcHKc0TwY4O6BlLiJxTmd9h1+fJ5uJnjpUoh/ht21hYvpMaoySJHPc8E:8dHV0Tn4pox6d9G4k

    Score
    1/10
    behavioral3behavioral4

    • Target

      d3dcompiler_47.dll

    • Size

      4.7MB

    • MD5

      2191e768cc2e19009dad20dc999135a3

    • SHA1

      f49a46ba0e954e657aaed1c9019a53d194272b6a

    • SHA256

      7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

    • SHA512

      5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

    • SSDEEP

      49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l

    Score
    1/10
    behavioral5

    • Target

      iCrack.exe

    • Size

      4.8MB

    • MD5

      f3b1dd838a59c419431c5aa86c1a4feb

    • SHA1

      85ac1eb8a03bedcfbc3d44cedeb802f5cae2ea0a

    • SHA256

      fad83422bd338909393c57663ab1bcafb94ec684f74fdb95aaad925e82567fa3

    • SHA512

      dbaac6b3c531cd84eac6a9440534d18cbc599826357b1efe36cdd16be163bd68c6ddd4d3211efca0d5e8c2ca6868cfb0fb3c3e0584c515b89e1ab1cac8ef6889

    • SSDEEP

      98304:1vW7Ru1fkpfVmr/V9JfzD+p05u9qgo67Smy9BHbCMMjgml7/lg+QXcAz:JibHmTJfzAyQRoRmA1H8eFsA

    Score
    10/10
    rhadamanthyspyinstallerstealerupxpersistence

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence
    behavioral6behavioral7

    • Target

      launcher.dll

    • Size

      20.8MB

    • MD5

      ab2cc84a98d05ab8b540a9ad3a48ab15

    • SHA1

      d59736cefc5bb2d6fc429a5027bbb5b69039b555

    • SHA256

      3e41929571bd1307e71bc851dfe7a37c8657bb16a8387217e09660c46e8b57b3

    • SHA512

      84bc192b9232dbc427c2fb7d98727960f6f57fe769e097cfe8581feb778b54df8a6aaa8faac5cc060a2c137e10208e47a5529551aacde345a8fb2152796ebc47

    • SSDEEP

      393216:AUWnI3LyrngF82KMV+mQvB0WK0j6DWu016PN:srnFj6DWuo6l

    Score
    1/10
    behavioral8

MITRE ATT&CK Enterprise v15

Tasks