Overview

overview

10

Static

static

6

msimg32.dll

windows7-x64

10

msimg32.dll

windows10-2004-x64

3

renameme.pdf

windows7-x64

3

renameme.pdf

windows10-2004-x64

3

저작권 ...��.exe

windows7-x64

10

저작권 ...��.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sample.7z

  • Size

    72.9MB

  • Sample

    240812-qpjehashjm

  • MD5

    cfdbc7459731acc977da86d667f6a8b9

  • SHA1

    c02e8649ebff715d7fa12f4c3f9cca1156390cac

  • SHA256

    0bdc6c9bea314206994a9352f61895004ed414bcb767de035d9f9c5142916a11

  • SHA512

    111030b631a7249d6fd84749837fcee61692e52da63211b0c187db26abafc6b16958e9a33fde0fbbbabcdcc4062c05df02cc9a6e29eb144b48a5a6ea60ca926c

  • SSDEEP

    1572864:C78/Xu37epRXUs7DkTBF9bu1zknKvlCIioCEXtmOhIZ7XCJKmV1f:CgNp10tF9/nKvlIoliCl

Score
10/10
rhadamanthysdefense_evasiondiscoveryevasionpdfpersistencestealer

Malware Config

Targets

    • Target

      msimg32.dll

    • Size

      30.0MB

    • MD5

      a154217644d7083db5c2bca05fd663b0

    • SHA1

      cc3d43e548f2aca58240eff9485298857f891f33

    • SHA256

      a6e810e74c7e60ec30caa633ffe4c05d6f17aa3441883ce6b66ae5bb83a01c02

    • SHA512

      ce5c3a6e9fcbea041b8ce2966a02ae2de3b07dc4f8eef8cb96a4408ee2fe39b2a02b4bd0f99f3ad04a279a839c374f649b7666209629ed86c07362e4c1302a0b

    • SSDEEP

      49152:Tmp1wTHyQhBCMsvEqDZLOkALP7fivHBbsF:T21wTHF5svPDkkk2H

    Score
    10/10
    rhadamanthysdefense_evasiondiscoverypersistencestealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

      persistence

    • System Binary Proxy Execution: Verclsid

      Adversaries may abuse Verclsid to proxy execution of malicious code.

      defense_evasion

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral1behavioral2

    • Target

      renameme.renameme

    • Size

      220.0MB

    • MD5

      65062141a5aa00068b12b74a85d67b41

    • SHA1

      5ba2d2c53978b4de3a123d79fa3ed60e93d86a48

    • SHA256

      133be53c484a7d2f18f7919a393b60f4276f7900417bcd7bfecdbe977e750fb4

    • SHA512

      d9bdde0c7293acbdf4410b454cfd9a1ed6d645b69a108d88292cc3008d42909934d269d03c94d06e4868b1b2d0c6b0a260a3dfaacca9338e227452c307998231

    • SSDEEP

      3145728:96lH+byk0ZggBznCh2HCea5bQ92NmDVr9XqnZGWp:

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      저작권 침해 자료.exe

    • Size

      6.1MB

    • MD5

      4864a55cff27f686023456a22371e790

    • SHA1

      6ed30c0371fe167d38411bfa6d720fcdcacc4f4c

    • SHA256

      08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2

    • SHA512

      4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb

    • SSDEEP

      98304:VZQIM+/nv/CDoAkYwpAa5ge1zZ/jtdZwUkQ:bJCKlA2VKUz

    Score
    10/10
    rhadamanthysdefense_evasiondiscoverypersistencestealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

      persistence

    • System Binary Proxy Execution: Verclsid

      Adversaries may abuse Verclsid to proxy execution of malicious code.

      defense_evasion

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks