Overview

overview

10

Static

static

10

bytes.exe

windows7-x64

3

bytes.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3voice-bytes.zip

  • Size

    3.5MB

  • Sample

    240724-nelqrstdnm

  • MD5

    5001d81def994f2b6fbc6327562c3c3c

  • SHA1

    d67622a8439589ee04e84fb102ad5f94c64c2215

  • SHA256

    2d81663c3314ae17030e294453deb5e80cbef4c04a180027bbbe2ea5f2473d8d

  • SHA512

    6069a5b1b407a4f0b779c81ca75f0902ded9c4e2d654bfa6547bfb731461c7e198f429e16fe449a8bb3969ada42acf0ac12ee1526cbecfb944fe7463fe40df9d

  • SSDEEP

    98304:xEybI+Ri7713CCskZzEHdEX7tMMMD4PM6KsOxIvuzC4Eh6Q:Ft0Nfs6KEXDMhtlx86M

Score
10/10
hijackloaderrhadamanthysdiscoveryloaderstealer

Malware Config

Targets

    • Target

      bytes.bin

    • Size

      7.8MB

    • MD5

      3db70f7c982700300ba7ddd81f1210b4

    • SHA1

      c4b1c824a917d998663aec47de548d75fac62761

    • SHA256

      7fbc872542b61d592eff2aa402d9310dafdb01f550226588e2d95050bac434fc

    • SHA512

      a85d79075294e3692ebb2f6fdacc0cf7684d0a594c1e68802b9a3cb495dacb07e0e7727ee1dcb6539a3711348679eca5a04a0b6a67daf1222b77638738d4bd4d

    • SSDEEP

      196608:2oyqaFBPNBLt3/qbRAsul1LJ3ZMvbsGLqg6vI:wqiNBLBbLJ+12g6A

    Score
    10/10
    discoveryhijackloaderrhadamanthysloaderstealer

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

      loaderhijackloader

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks