User tags

Assigned on submission by the user, not by sandbox detections.

Threatview.io Proactive Hunter

General

  • Target

    ghjk.exe.5

  • Size

    5.3MB

  • Sample

    240516-22lwyadc49

  • MD5

    de08b70c1b36bce2c90a34b9e5e61f09

  • SHA1

    1628635f073c61ad744d406a16d46dfac871c9c2

  • SHA256

    432747c04ab478a654328867d7ca806b52fedf1572c74712fa8b7c0edb71df67

  • SHA512

    18a30e480ce7d122cfad5a99570042e3bef9e1f9feda1f7be32b273a7248274285c65ac997c90d3d6a950a37b4ea62e6b928bfefc924187c90e32ea571bfd1f5

  • SSDEEP

    98304:/+p+LLypykV4RJGIfsv7RynHr/x1leOzcv0nbzKIKFStIJ:/+pMLCYJ/svlUr/x1vzcvib+Ir

Malware Config

Targets

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks