Overview score: 10/10
Static analysis score: 3/10
Analysis tasks and scores
- TradingViewPRM.exe, windows7-x64: 10/10
- TradingViewPRM.exe, windows10-2004-x64: 10/10
- d3dcompiler_47.dll, windows10-2004-x64: 1/10
- dxcompiler.dll, windows7-x64: 1/10
- dxcompiler.dll, windows10-2004-x64: 1/10
- tflasher.dll, windows7-x64: 1/10
- tflasher.dll, windows10-2004-x64: 1/10
- thunder.dll, windows7-x64: 1/10
- thunder.dll, windows10-2004-x64: 1/10
- vk_swiftshader.dll, windows7-x64: 1/10
- vk_swiftshader.dll, windows10-2004-x64: 1/10
- vulkan-1.dll, windows7-x64: 1/10
- vulkan-1.dll, windows10-2004-x64: 1/10
General
- Target: TradingViewPRM.rar
- Size: 9.6MB
- Sample: 240519-2y95csfg38
- MD5: f6710eac0434f8d3e4dba203398f48d2
- SHA1: 207020bc0390a99d5d36f509e5cabc0c446938e9
- SHA256: c10f2ab79dadfe62b64ccdeff45a158c0b51541b51f38711a72f716eba746a06
- SHA512: 64d9c862149bd0e831c0af3bfe7a5ec1c37dd8caa10f33ab31f6715509f7cb9eac596253ee3ab152defbff0b67a19682176618c530621199e809fe0513c516ca
- SSDEEP: 196608:ADnbxQiwBJWlqqIM6iFM26FdRg2yWAh62ThBsiYJ+ONS0IDd1VdyfLX:iQiJ6ii6yAh62Tkis5N+JALX
Tasks
- static1: Static task
- behavioral1: TradingViewPRM.exe (resource win7-20231129-en)
- behavioral2: TradingViewPRM.exe (resource win10v2004-20240508-en)
- behavioral3: d3dcompiler_47.dll (resource win10v2004-20240508-en)
- behavioral4: dxcompiler.dll (resource win7-20240221-en)
- behavioral5: dxcompiler.dll (resource win10v2004-20240426-en)
- behavioral6: tflasher.dll (resource win7-20240221-en)
- behavioral7: tflasher.dll (resource win10v2004-20240426-en)
- behavioral8: thunder.dll (resource win7-20240221-en)
- behavioral9: thunder.dll (resource win10v2004-20240508-en)
- behavioral10: vk_swiftshader.dll (resource win7-20240508-en)
- behavioral11: vk_swiftshader.dll (resource win10v2004-20240508-en)
- behavioral12: vulkan-1.dll (resource win7-20240220-en)
- behavioral13: vulkan-1.dll (resource win10v2004-20240508-en)
Malware Config
- Extracted: https://rentry.org/GTFOTHERESNOTHINGHERE/raw
- Extracted: https://bitbucket.org/gedegrereghh/fuckyougithub/raw/8cb9b55e44e6ccb04ad3d6503204310cac798748/win-unpacked.rar
Targets

Target: TradingViewPRM.exe
- Size: 7KB
- MD5: ad57687708febf82604bc83860b1cf2e
- SHA1: 6e5feb119f2163e1301685a07839709f5f0fffff
- SHA256: 2304961af29fb386d53feb3fbd474d78f8e1f94c85964bc985a91b5f8c1f01b3
- SHA512: 36f3d03a0de38ab66d11dc8814e1d0c6c2eb3156e357614d1662d614f905c82fb58cfcc701f6091b6727d61bcbe920f934cf787b25ba6f57c48cd98316d963da
- SSDEEP: 192:texT398qvjT3xszLGjcJr9emxan6HvUqGwc5nYYvkVAud9:ExT39nvxOLGjcJrQmxan6P/Vc5nYAkVH
- Score: 10/10
- Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2

Target: d3dcompiler_47.dll
- Size: 4.7MB
- MD5: 2191e768cc2e19009dad20dc999135a3
- SHA1: f49a46ba0e954e657aaed1c9019a53d194272b6a
- SHA256: 7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d
- SHA512: 5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970
- SSDEEP: 49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
- Score: 1/10

Target: dxcompiler.dll
- Size: 20.8MB
- MD5: 74f676688f0ce73468828a733eef1ae2
- SHA1: 66fc9924eafea64c7466760cba06b471bf135532
- SHA256: 1638c1a8486ec32a826a1e414e92dcb8c7c7c1668d071d97ba767c6a96b53b37
- SHA512: 455e1847743e7d289bcbba9b72015ac85fce1444b914ad59ffd7b0209604b50c018abddf472a000d205ed7c0d80a48ded56c886b7adf153733aef7cd36ab09cb
- SSDEEP: 393216:5sor/VKSqhURirPtV+mW7zpfa2k4ZMmsMBGl/5:5NB84ZMmsMIl/
- Score: 1/10

Target: tflasher.dll
- Size: 1.2MB
- MD5: 9e8d0c3657240a19225f0dcc5ee67e66
- SHA1: ac10e50ad6893094e34ef5ad6adfa4af1693550a
- SHA256: bd9710b72dab2913d92731ee96904b22a43a178664c9b7b60bd41f3c04738900
- SHA512: a0a5b2ec05b8d9e997a21d8d60d793c247bc8f59ef742e01373687884813d3dd20786dde36bb6cedd2c6ac1fc11bbee049cf01fb725ec25c67590bf0f4ab3de2
- SSDEEP: 24576:oPws+up2wxVNNMV6QIMYExzfAqo0IfX1e:oPws+jwxbN+63fsjLIte
- Score: 1/10

Target: thunder.dll
- Size: 121KB
- MD5: 0dea1240e52375e2cd6c6056720da5f8
- SHA1: 37a4a277e51727e5fb6384760c19baf207aeffba
- SHA256: f22f279160e0a9979d311f4ae64b29f6cf480dbca488b9977810d5b6d770b482
- SHA512: 1e12e2c7c90bd75c060b073aa47e406733a7a196a2f2785c902acb968090b5b083d15280404757d06d67c43bd2e4a608fe45d9d4ebc743e861d1f28715442abf
- SSDEEP: 3072:KJB7frfe/i1+evBJA9CZQ1CLXAtpFrpqpqpvKINZwwcrP8cx:KJhrfe/i5pXy1CeKp
- Score: 1/10

Target: vk_swiftshader.dll
- Size: 4.9MB
- MD5: 183c887b6d1268d583740312d0852fea
- SHA1: a33b881d863a8e8e808d6ddb906b8f8c8c348138
- SHA256: 2fb5bd2897fa99ca5dcf2d45830a07755d30d6d8cc3751d80be28cbd90226030
- SHA512: 372c1b95613b3273a374f6f025b36717b4fff9b18a30a6ab97df92c5e9b615dcada7660c12d77a19960ff63f2b9078937cc2c75ed60d3a7361e455ad150a9fda
- SSDEEP: 49152:ynQMZsIbvKss+W3QXTvxcz/hDDuaqoKgCkE636GOmHdKDRxVop26ArW80WHBC+4y:2QM7SQ6ufnHXYGnokh
- Score: 1/10

Target: vulkan-1.dll
- Size: 933KB
- MD5: e43b12cf3c7a21a5c50d3c7b4f88ab04
- SHA1: 79664cf6cfb23c3e78361f817bac1440e6c7fe41
- SHA256: a73ef0a1dc0578cf64e856dc9461ba135bd742f3d5f60713e4d645e17533e9c9
- SHA512: 656841544adf4fac2abde64bd62bc9392e76178797e81f73a13af05f84e6f51ad83aba1320a2af17e910bc3eb35c40ef9ba386f36ebd443ac04acefc10dc0248
- SSDEEP: 24576:57SR7TmAl/bFPmGDsfNy6Z5WiDYsH56g3P0zAk7LZIOayz:57A/bFPmH86Z5WiDYsH56g3P0zAk7LE
- Score: 1/10