General

  • Target: TradingViewPRM.rar
  • Size: 9.6MB
  • Sample: 240519-2y95csfg38
  • MD5: f6710eac0434f8d3e4dba203398f48d2
  • SHA1: 207020bc0390a99d5d36f509e5cabc0c446938e9
  • SHA256: c10f2ab79dadfe62b64ccdeff45a158c0b51541b51f38711a72f716eba746a06
  • SHA512: 64d9c862149bd0e831c0af3bfe7a5ec1c37dd8caa10f33ab31f6715509f7cb9eac596253ee3ab152defbff0b67a19682176618c530621199e809fe0513c516ca
  • SSDEEP: 196608:ADnbxQiwBJWlqqIM6iFM26FdRg2yWAh62ThBsiYJ+ONS0IDd1VdyfLX:iQiJ6ii6yAh62Tkis5N+JALX

Malware Config

Extracted
  • Language: ps1
  • Source:
  • URLs (ps1.dropper): https://rentry.org/GTFOTHERESNOTHINGHERE/raw

Extracted
  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper): https://bitbucket.org/gedegrereghh/fuckyougithub/raw/8cb9b55e44e6ccb04ad3d6503204310cac798748/win-unpacked.rar

Targets

    • Target: TradingViewPRM.exe
    • Size: 7KB
    • MD5: ad57687708febf82604bc83860b1cf2e
    • SHA1: 6e5feb119f2163e1301685a07839709f5f0fffff
    • SHA256: 2304961af29fb386d53feb3fbd474d78f8e1f94c85964bc985a91b5f8c1f01b3
    • SHA512: 36f3d03a0de38ab66d11dc8814e1d0c6c2eb3156e357614d1662d614f905c82fb58cfcc701f6091b6727d61bcbe920f934cf787b25ba6f57c48cd98316d963da
    • SSDEEP: 192:texT398qvjT3xszLGjcJr9emxan6HvUqGwc5nYYvkVAud9:ExT39nvxOLGjcJrQmxan6P/Vc5nYAkVH
    • Rhadamanthys
      Rhadamanthys is an info stealer written in C++ first seen in August 2022.
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Executes dropped EXE
    • Legitimate hosting services abused for malware hosting/C2

    • Target: d3dcompiler_47.dll
    • Size: 4.7MB
    • MD5: 2191e768cc2e19009dad20dc999135a3
    • SHA1: f49a46ba0e954e657aaed1c9019a53d194272b6a
    • SHA256: 7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d
    • SHA512: 5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970
    • SSDEEP: 49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
    • Score: 1/10

    • Target: dxcompiler.dll
    • Size: 20.8MB
    • MD5: 74f676688f0ce73468828a733eef1ae2
    • SHA1: 66fc9924eafea64c7466760cba06b471bf135532
    • SHA256: 1638c1a8486ec32a826a1e414e92dcb8c7c7c1668d071d97ba767c6a96b53b37
    • SHA512: 455e1847743e7d289bcbba9b72015ac85fce1444b914ad59ffd7b0209604b50c018abddf472a000d205ed7c0d80a48ded56c886b7adf153733aef7cd36ab09cb
    • SSDEEP: 393216:5sor/VKSqhURirPtV+mW7zpfa2k4ZMmsMBGl/5:5NB84ZMmsMIl/
    • Score: 1/10

    • Target: tflasher.dll
    • Size: 1.2MB
    • MD5: 9e8d0c3657240a19225f0dcc5ee67e66
    • SHA1: ac10e50ad6893094e34ef5ad6adfa4af1693550a
    • SHA256: bd9710b72dab2913d92731ee96904b22a43a178664c9b7b60bd41f3c04738900
    • SHA512: a0a5b2ec05b8d9e997a21d8d60d793c247bc8f59ef742e01373687884813d3dd20786dde36bb6cedd2c6ac1fc11bbee049cf01fb725ec25c67590bf0f4ab3de2
    • SSDEEP: 24576:oPws+up2wxVNNMV6QIMYExzfAqo0IfX1e:oPws+jwxbN+63fsjLIte
    • Score: 1/10

    • Target: thunder.dll
    • Size: 121KB
    • MD5: 0dea1240e52375e2cd6c6056720da5f8
    • SHA1: 37a4a277e51727e5fb6384760c19baf207aeffba
    • SHA256: f22f279160e0a9979d311f4ae64b29f6cf480dbca488b9977810d5b6d770b482
    • SHA512: 1e12e2c7c90bd75c060b073aa47e406733a7a196a2f2785c902acb968090b5b083d15280404757d06d67c43bd2e4a608fe45d9d4ebc743e861d1f28715442abf
    • SSDEEP: 3072:KJB7frfe/i1+evBJA9CZQ1CLXAtpFrpqpqpvKINZwwcrP8cx:KJhrfe/i5pXy1CeKp
    • Score: 1/10

    • Target: vk_swiftshader.dll
    • Size: 4.9MB
    • MD5: 183c887b6d1268d583740312d0852fea
    • SHA1: a33b881d863a8e8e808d6ddb906b8f8c8c348138
    • SHA256: 2fb5bd2897fa99ca5dcf2d45830a07755d30d6d8cc3751d80be28cbd90226030
    • SHA512: 372c1b95613b3273a374f6f025b36717b4fff9b18a30a6ab97df92c5e9b615dcada7660c12d77a19960ff63f2b9078937cc2c75ed60d3a7361e455ad150a9fda
    • SSDEEP: 49152:ynQMZsIbvKss+W3QXTvxcz/hDDuaqoKgCkE636GOmHdKDRxVop26ArW80WHBC+4y:2QM7SQ6ufnHXYGnokh
    • Score: 1/10

    • Target: vulkan-1.dll
    • Size: 933KB
    • MD5: e43b12cf3c7a21a5c50d3c7b4f88ab04
    • SHA1: 79664cf6cfb23c3e78361f817bac1440e6c7fe41
    • SHA256: a73ef0a1dc0578cf64e856dc9461ba135bd742f3d5f60713e4d645e17533e9c9
    • SHA512: 656841544adf4fac2abde64bd62bc9392e76178797e81f73a13af05f84e6f51ad83aba1320a2af17e910bc3eb35c40ef9ba386f36ebd443ac04acefc10dc0248
    • SSDEEP: 24576:57SR7TmAl/bFPmGDsfNy6Z5WiDYsH56g3P0zAk7LZIOayz:57A/bFPmH86Z5WiDYsH56g3P0zAk7LE
    • Score: 1/10

MITRE ATT&CK Enterprise v15
