Overview

overview

10

Static

static

10

m.exe

windows7-x64

10

m.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    m.bin

  • Size

    51.5MB

  • Sample

    240807-p5xfmasdke

  • MD5

    d28a23c1fcf7e2907312e539b22b2682

  • SHA1

    63154a2e0773f75e45f9aad4a4f562f5054db2fc

  • SHA256

    7cf9c048d4154471894cc7d8e3d7feada4ed5d15becde5e773d478e91b60ca8c

  • SHA512

    00a01db925e8aedfba27553e1fbc34ec076e592861a27bcff9c7982ee34f6b689437a034666e9ad9248bd02616ffaa64c3ea74da373ebabde3e58f92cffb12b7

  • SSDEEP

    98304:wiMrdaUIJ3sxQvmzLvqwBOZTcjgxffDjqJbzEwVCubyPHOwV:Ti68xQ+zLJOZwjgZ7abiOwV

Score
10/10
hijackloaderrhadamanthysdiscoveryloaderstealer

Malware Config

Targets

    • Target

      m.bin

    • Size

      51.5MB

    • MD5

      d28a23c1fcf7e2907312e539b22b2682

    • SHA1

      63154a2e0773f75e45f9aad4a4f562f5054db2fc

    • SHA256

      7cf9c048d4154471894cc7d8e3d7feada4ed5d15becde5e773d478e91b60ca8c

    • SHA512

      00a01db925e8aedfba27553e1fbc34ec076e592861a27bcff9c7982ee34f6b689437a034666e9ad9248bd02616ffaa64c3ea74da373ebabde3e58f92cffb12b7

    • SSDEEP

      98304:wiMrdaUIJ3sxQvmzLvqwBOZTcjgxffDjqJbzEwVCubyPHOwV:Ti68xQ+zLJOZwjgZ7abiOwV

    Score
    10/10
    hijackloaderdiscoveryloaderrhadamanthysstealer

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

      loaderhijackloader

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks