Overview

overview

10

Static

static

6

Copyright ...rd.zip

windows7-x64

1

Copyright ...rd.zip

windows10-2004-x64

1

Copyright ...rd.exe

windows7-x64

10

Copyright ...rd.exe

windows10-2004-x64

10

msimg32.dll

windows7-x64

6

msimg32.dll

windows10-2004-x64

10

renameme.pdf

windows7-x64

3

renameme.pdf

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Copyright infringement record.zip

  • Size

    102.3MB

  • Sample

    240807-kywhjayhqa

  • MD5

    25d0fe848de04b4beb3673fc3aae7f0d

  • SHA1

    67ec152d513203fb7cfe4919321a6a000e91957d

  • SHA256

    e6315b24e0311758da1c25daa5f2724da4f534ed7ed644cbf43f3cc64c4676a7

  • SHA512

    8d486ff93418941d613ea79767c97059b4e6508b0dd82da5924be670219b9bc8778e478fc3bb5e22a70df8ef1e8bc198d0441e6779c45ff554fbaac16f770e62

  • SSDEEP

    3145728:M9WmBuj5V9/97h+8ZYqk/t5YVuxflmaKameBjn9NghzrvuRaUO:rbmtzm8/BhqrvuRc

Score
10/10
rhadamanthysdiscoveryevasionpdfpersistencestealer

Malware Config

Targets

    • Target

      Copyright infringement record.zip

    • Size

      102.3MB

    • MD5

      25d0fe848de04b4beb3673fc3aae7f0d

    • SHA1

      67ec152d513203fb7cfe4919321a6a000e91957d

    • SHA256

      e6315b24e0311758da1c25daa5f2724da4f534ed7ed644cbf43f3cc64c4676a7

    • SHA512

      8d486ff93418941d613ea79767c97059b4e6508b0dd82da5924be670219b9bc8778e478fc3bb5e22a70df8ef1e8bc198d0441e6779c45ff554fbaac16f770e62

    • SSDEEP

      3145728:M9WmBuj5V9/97h+8ZYqk/t5YVuxflmaKameBjn9NghzrvuRaUO:rbmtzm8/BhqrvuRc

    Score
    1/10
    behavioral1behavioral2

    • Target

      Copyright infringement record.exe

    • Size

      6.1MB

    • MD5

      4864a55cff27f686023456a22371e790

    • SHA1

      6ed30c0371fe167d38411bfa6d720fcdcacc4f4c

    • SHA256

      08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2

    • SHA512

      4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb

    • SSDEEP

      98304:VZQIM+/nv/CDoAkYwpAa5ge1zZ/jtdZwUkQ:bJCKlA2VKUz

    Score
    10/10
    rhadamanthysdiscoverypersistencestealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

      persistence

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral3behavioral4

    • Target

      msimg32.dll

    • Size

      4.9MB

    • MD5

      edfe2dd4d8218d13e1e6aa5501d5163b

    • SHA1

      d3212ebb64dce90a8c972bf3a6f1ad734bc39b08

    • SHA256

      1a2399ecc38f3288206c75b55762d125d3d75254062a2c0d85c86e7f896736ac

    • SHA512

      282df1a436549af672dad5e74eb0617c882ec1665c6bad112850a7666cd93d2fa5f18f2935d0ebaa8562d592adcab380c6dc5a9117ec373fbf1310caef65035f

    • SSDEEP

      49152:JErEyCal8VnN+LwbEOCAQFhZ81wm+R9BlwxPJfkwDQby1uZLOkALP7fivHdHufrF:JElCQ8VN+TAghZbR9y6wKyskkk2HOh

    Score
    10/10
    discoverypersistencerhadamanthysstealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

      persistence

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral5behavioral6

    • Target

      renameme.renameme

    • Size

      220.0MB

    • MD5

      65062141a5aa00068b12b74a85d67b41

    • SHA1

      5ba2d2c53978b4de3a123d79fa3ed60e93d86a48

    • SHA256

      133be53c484a7d2f18f7919a393b60f4276f7900417bcd7bfecdbe977e750fb4

    • SHA512

      d9bdde0c7293acbdf4410b454cfd9a1ed6d645b69a108d88292cc3008d42909934d269d03c94d06e4868b1b2d0c6b0a260a3dfaacca9338e227452c307998231

    • SSDEEP

      3145728:96lH+byk0ZggBznCh2HCea5bQ92NmDVr9XqnZGWp:

    Score
    3/10
    discovery
    behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks