General

Target: WaveInstaller.zip
Size: 25.7MB
Sample: 240807-wvsg9avepe
MD5: 4f5c34e4b497ab5ed1cb659b2eae332f
SHA1: 6e978c22737fab395df5cdb91abbfb9e2fbb0564
SHA256: 8624feb22b3a92ec567c5c192ff802e55f2cbd3388c78642bfffde6ac2a9ddc6
SHA512: 7f571348f54aefad566eb6c714560cb005de6dd17bd4319d1b32a6035a92b7df196a98510f750129c1ec29fda2621be4e46a71c3d783c971acab39b0c8ece88c
SSDEEP: 786432:p1Q1AKHPXFiDzbLtK1A7HKTHdg9g3lSMgK9s5rQpBshk:pWbXFiDLaqqT9gjMxOZQpBsK
Tasks

Static task: static1

Behavioral task: behavioral1
Sample: WaveInstaller.exe
Resource: win11-20240802-en

Behavioral task: behavioral2
Sample: opengl32.dll
Resource: win11-20240802-en
Malware Config

Targets

Target: WaveInstaller.exe
Size: 55.9MB
MD5: 521646f158f26a3790605f3c3ff47a5e
SHA1: a0fc21bf69705c2d8934e71841d5e803048b23b9
SHA256: a0fe8a8ecab5d9d7df5a364a95352e1d861c8ca851c4339b65aa4841b3619617
SHA512: c47839fe320cec955ea5abd331a47ec5bb39ed02e61c72b295272f01be57fdb0a361f124e2fe1b0f4f7326ed71542e5a42ada87b635a70e89ac2523ab50cb856
SSDEEP: 393216:hxIdZflFnaY4nRSn3pPPa7uksiL2YS2xg5gC33QSau/puRDHbUXyZ8s:gdZflFnaTEKuu25e4daEgpbUXyms
Score: 10/10

Signatures:
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Enumerates processes with tasklist
- Suspicious use of SetThreadContext
Target: opengl32.dll
Size: 3.9MB
MD5: e23a909c4d1f86e86dc366ae461fee04
SHA1: 295259f69918736ee71ddcf32347c75eb0154ee6
SHA256: f522654ae4091305784e4a9cb532254f8cb5ba359e49e46ce47723c3d2eefc5a
SHA512: 3c61a6fbf631157cffb141cd0fed2cd5fd04b7d6f39d06adbb9a83a406ceffcdba269620cb6daba6ff44c5e831a15eec96dd207074099e183c07f32aeca91be8
SSDEEP: 49152:maKfYeGwtQUTd5Oc1eziEvRX5aU34b6Gi+JTpN9V93Sb6kmJcIvSpF+bEhr:mA2LD8RX4ff9Dkr
Score: 1/10
MITRE ATT&CK Enterprise v15

Execution
- Command and Scripting Interpreter (1)
  - PowerShell (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)