General

  • Target

    s.bin

  • Size

    82.5MB

  • Sample

    240807-qb91assdpc

  • MD5

    186c20868ce52b64dd05765b1a2396bb

  • SHA1

    77103141eb9dfc1902a0aded50969c888635446b

  • SHA256

    68395be6acccbc33328eeb307f5fe190da71f801fcd6d9aa5b3536b9723bceb6

  • SHA512

    1f1a68ab9b21067cb00ff216ecf6620f14e329774379b295b9b1e34eca81db434166212f343930a1ccb38998a9da924853462bb93a6d267bfcc52aa068413eb4

  • SSDEEP

    196608:9JoeoSVFaTNmgcyGHfZ3BVg+QvHsoL8Ijq:3oeoUaTNJdG/dg+QvMoLzm

Targets

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
