General

  • Target: Obrazy naruszają prawa autorskie.rar
  • Size: 84.5MB
  • Sample: 240731-wccn3swbrq
  • MD5: 494910583ec2ed1ccd6c0728499c3179
  • SHA1: 3e4a99f631dbcfbae74282ab96f8a00bda6bbdd9
  • SHA256: 93ce0080552964fe08b9e53fa11eb9d01b0d1198e55979f638a827a6e67c51bd
  • SHA512: daf2004ff4083675fc1f41f0b7dc055c2db39fab5c65f5762951f610652a935557fc52ae50a897dc0acc6518cef303171b6e550dd82aad589af4a3571db71da5
  • SSDEEP: 1572864:k/zspw8TJzMc+J5JhtI/8GxFk3xzNr44KfjPiMGs1e4API/KEXQI:aMTJz5v+Nr44KbPaggwQI

Malware Config

Extracted

  • Family: rhadamanthys
  • C2: https://103.68.109.208:1630/aeca1ecf5a1fa55/lqpxpr0i.rd4us

Targets

    • Target: Obrazy naruszają prawa autorskie.exe
    • Size: 1.7MB
    • MD5: 30307b319b2451b6bf61d3e6b232f1da
    • SHA1: 6a512848872be1325761e7ca110e0a1ee91cb0ef
    • SHA256: a7dbbad8a1cd038e5ab5b3c6b1b312774d808e4b0a2254e8039036972ac8881a
    • SHA512: 7833ecb30a75324af6852e3583a609a653652f3cda9037ace7a1098ce7e52ed4b994c5ff1a0a0b4db748a01b06e8d4b8a10a50ebb9c0d4fbc8aa12dd1168f0b7
    • SSDEEP: 24576:17AMY27PG+4VWz3zYxQ2IQKbvavAyoVVxPuOcabAC9fH6lJUkwJYaTTgKmfa8+:Nwj+4VWnoqSkHNckbfH6lJ2XgKmf+

    • Rhadamanthys: Rhadamanthys is an info stealer written in C++, first seen in August 2022.
    • Rhadamanthys family
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Adds Run key to start application
    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Target: Support2
    • Size: 136.2MB
    • MD5: 437fc9a4f693f33fbfac19fc9d131ac9
    • SHA1: 43ea6330d0d1926e97ef79657f1edc811b2026a3
    • SHA256: f3291a98446b3a24a7ccd4b44bc05bfd48502179835fe3429f81d211579f5a4b
    • SHA512: 4faa27cfa3a0bf2239eaa5843ae2c7fa698a13215219e9d2c1487dce059c198424de67b50897d6370bc277a919d4fb6772940625e06879985f9813972aca62ae
    • SSDEEP: 1572864:t+arVlnrjh+L6zLxXAyf6/99Maga6ZwKzSwbC5CmwN4ubqxSvPF1wKKp:t+iVVA+Z9f6wYKzSwbCKX70p
    • Score: 1/10

    • Target: msimg32.dll
    • Size: 1.9MB
    • MD5: 78509f0c765b344f2bca1fc2701c0980
    • SHA1: 0ab247f8f8e1deddd981f132b68647fc404fc0a8
    • SHA256: 48aaa2dec95537cdf9fc471dbcbb4ff726be4a0647dbdf6300fa61858c2b0099
    • SHA512: 636944318e74318d95e0bff7d8bfe1ff82d2e8c4ca608fa56a953b56fa97b8b845bacfaaaced636aea1df6e5b488cec014596afc4579838ab9bf7bcce59888c9
    • SSDEEP: 24576:7dqeOXnrNOEMudreb7LVkhdyJYKkbg6psPyWwxnMqfbc5MU47iA8koWOmydA7iRV:7tZA+rMVL7EZLOkALP7fi9Hx6nIzI2FR
    • Score: 3/10
