Overview

overview

10

Static

static

10

updateload2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    updateload2.exe

  • Size

    4.1MB

  • Sample

    240805-gnhxxaseld

  • MD5

    f284c82401fcbac1bdde4b71a0af9798

  • SHA1

    c9390dc649d0f9e25339f87d7d5a59f58cd6b7df

  • SHA256

    9c760353cd7593ae5b5bdd79405a16568b2b7cb68fd7ad7cc5863b69a105a62d

  • SHA512

    b2b5564ec6012a04eff51349ddea2b7fab79599a46fae41376343d25f14d39329a525faad61513de7e93dd5d49c50dc5c7ed8a1022a33ba424f6c6dd99154366

  • SSDEEP

    98304:BiaVRBZ1vtleQ0TrFbpKyXTp/8zf8R9Mr4/Eof:B9Vt/eQiqyN/8zUs6d

Score
10/10
hijackloaderrhadamanthysdiscoveryloaderstealer

Malware Config

Targets

    • Target

      updateload2.exe

    • Size

      4.1MB

    • MD5

      f284c82401fcbac1bdde4b71a0af9798

    • SHA1

      c9390dc649d0f9e25339f87d7d5a59f58cd6b7df

    • SHA256

      9c760353cd7593ae5b5bdd79405a16568b2b7cb68fd7ad7cc5863b69a105a62d

    • SHA512

      b2b5564ec6012a04eff51349ddea2b7fab79599a46fae41376343d25f14d39329a525faad61513de7e93dd5d49c50dc5c7ed8a1022a33ba424f6c6dd99154366

    • SSDEEP

      98304:BiaVRBZ1vtleQ0TrFbpKyXTp/8zf8R9Mr4/Eof:B9Vt/eQiqyN/8zUs6d

    Score
    10/10
    hijackloaderrhadamanthysdiscoveryloaderstealer

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

      loaderhijackloader

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks