Overview

overview

10

Static

static

3

Additional...rs.dll

windows11-21h2-x64

1

Additional...V2.dll

windows11-21h2-x64

1

Software_Setup.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FullSetup(ChessBotX).rar

  • Size

    63.5MB

  • Sample

    240626-grn84ayfnh

  • MD5

    f2b19e762371a037c59955becc37e533

  • SHA1

    84763c5a77ab770355b071ed88d7a1bac8d0278d

  • SHA256

    7526d982e57b6147b1a57a9bf4f65ef8558951484e123dfabc9260b164f10f7f

  • SHA512

    7769f2452ed8983d0da962f9fede235ee6036753ee186e8f28cee2cfbe72de8d332eed055ec20db3a3b58b6c37bbb72a2f21985aa6fc7740301b207e46ab23fc

  • SSDEEP

    1572864:g5lqQ8NDqQCQshWfOOh46kmxqlH1G1TN5JsVTctwpIJTxajkeV:gLqxNglhW86kwqlH1aTN5aSSpIQ

Score
10/10
rhadamanthysstealer

Malware Config

Targets

    • Target

      Additional/bdfilters.dll

    • Size

      4.1MB

    • MD5

      ed730387fdcd684b756601b863c47417

    • SHA1

      c49ed6d0d46facf4ceaeb21f5d6bfdf9e3587fde

    • SHA256

      9cbc29696ad2d582e251bf9c4be5cce618753fa43551d2474e1ae5cc5e1245e5

    • SHA512

      e32df727799d33922c6e92f94a7bdb0bc2772d6a6636d15e285d94d3ae4661062e5bc89ec3546b76ec853398f88d972f461327ef687f89093acf1096560d5c3f

    • SSDEEP

      98304:Xl4qYuQxqYfHYosUiJovT7DBmmhjSF5og3Vk9O0KChvvvveo:XuqYuQxqYfHYosUiJoviVKvvvvJ

    Score
    1/10
    behavioral1

    • Target

      Additional/libGLESV2.dll

    • Size

      1.5MB

    • MD5

      aebbd25609c3f1d16809c02f12e99896

    • SHA1

      7675d0f61062490b8c7043a66a8d88d5d147f7a9

    • SHA256

      6765d163fae52331dfdcccab371c9b8b5cd0915bfdb14bbf2ca5d3f42bb29f4c

    • SHA512

      a441ae0fe98ae39ed7fd1feb410bcac3aba9179242c62166190926588b97e11f0a3442d0619c6a2f6070e336a82d7fcabeb89461ff15fe878da13f2a57710f87

    • SSDEEP

      24576:IGyEmXb3NBT+BZDQnVjDuBy8aTnilzT8QreNdJU8GAeZRyRWh:I8mr3OaDVXnilcQreNdJU8GOWh

    Score
    1/10
    behavioral2

    • Target

      Software_Setup.exe

    • Size

      63.9MB

    • MD5

      9ff7e52416b7d3ca8b7e035d4b15f60d

    • SHA1

      ecf06e8679da62922f3d52d2b9e756ba311e4203

    • SHA256

      ec4cd02feeae2e57341cb7ff396fac7d635c914775357b95a0ae3bb73ced8703

    • SHA512

      974b9d2d21ffc0d780fb5bb531db3f4edf979e032e2b0fa9048310885fa7cac06fc138b4aa5a9d6bb19a7fc7676c72e98a9ba9c60b35428a699774b34af474af

    • SSDEEP

      1572864:jDkFLa2/bDkFLa2/bDkFLa2/bDkFLa2/bDkFLa2/z:j6/6/6/6/6f

    Score
    10/10
    rhadamanthysstealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral3

MITRE ATT&CK Enterprise v15

Tasks