General

  • Target

    gugjUpdater.zip

  • Size

    9.3MB

  • Sample

    240722-ysqa8awbkl

  • MD5

    d4e178f1d11d09238e71b3797c14b97d

  • SHA1

    ba3919e65cbfade435acd3222fdd950a8d8d5a74

  • SHA256

    18f1732ecf1f4a8933b088c87b1000296c25265954b0a26d16572774de2ad970

  • SHA512

    421a0e9d5166fceb832434bb4923562132db95506fb31cf34e2aa1a48efd2e220980d704fc783eb79f26836a1737738ad11b99fb8af0423dfdc7e69b20c03e59

  • SSDEEP

    196608:CHPSNbe7+fYX3nTXDxFpc85SFnrUfFWPxsoOdxk5P02EFyLSRVpBj:DNSyf4nTXD/pcu6UEPxsCP6F4SRXBj

Malware Config

Targets

    • Target

      gugjUpdater.exe

    • Size

      679.3MB

    • MD5

      110338c7214276a2f7eba4a9d43621a8

    • SHA1

      849817945ff02ace87ee7ac5f6eb6f66a4cfe33c

    • SHA256

      9cafa33cd3dafee4f4a02a2ad8d1a9121cfaeae6cde95f3da647cff7d3e4914d

    • SHA512

      f41e0dd2268492cf672cffbcf88a4b8575fd8cf1ef8d938fa5a6cb8d5bfba28f994b42adb1863c70ac3cde112cf8e488cf2e04b0abe48bdae066e33616c5ac9c

    • SSDEEP

      393216:tkfZ+0tsgG1a+OA0vBUJg+pw4Osi1FKT69NeBV8opaOm5TdhxJNKSYkL6nFn:4QpJMTJKr

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application
