Overview

overview

10

Static

static

3

WaveInstaller.exe

windows7-x64

1

WaveInstaller.exe

windows10-2004-x64

10

opengl32.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ea2d299ba22062bd8cfb63973ad571a20d5d6667ada1c4f0775a3b2c914d4507

  • Size

    30.6MB

  • Sample

    240822-vtjnaa1cpk

  • MD5

    627b5b9fea7dbea1ff90bed50baca2db

  • SHA1

    da53329d5b5878dc8d92ff0fc7d1cc2b1c7ffbed

  • SHA256

    ea2d299ba22062bd8cfb63973ad571a20d5d6667ada1c4f0775a3b2c914d4507

  • SHA512

    36d90ee408963b1bd724256cf4e6075fa6bcd62441186cd46edab23d8407dd754ddde7f4f1c39a4a62f9989b02e2b72571845286426df8e9ead83ffa47990361

  • SSDEEP

    786432:YEEbgVo8R7RWGYc1d16SAK3LiKEkQySIpAq8gxHE6kU5x1jjPkettvuq:Y9bgVt/rYq16Sv3LiLyckHE6kKxtXvz

Score
10/10
rhadamanthysdiscoveryexecutionstealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://147.45.44.156/9fcc2685c3ccafd/5ltcujso.q8pi8

Targets

    • Target

      WaveInstaller.exe

    • Size

      62.8MB

    • MD5

      f66c85401d7db71dabac1967d5b25b22

    • SHA1

      8856046029a881b6bd79b68328eaccaacf0ec60e

    • SHA256

      2e2540ebf685f0afa10ce24de9e2780baf01c57f22e5c5b238277159d76daa6f

    • SHA512

      6bd058d33fb27c493ad8a974bc1c07770da01293191c499677d9205ecf035005e0f8f5c60a39e979de84465b89cd01abd6204ea3d13ff2bfdf069f1f40957a79

    • SSDEEP

      393216:1KiyQ5GnKGtcq4kHylkvE0xD8pJJT6CmfeazN6wNRMMWEpTP1uVP7r1R:3yQ5GnKGtcQwkvXg5TABzVUENP01

    Score
    10/10
    rhadamanthysdiscoveryexecutionstealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Executes dropped EXE

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Enumerates processes with tasklist

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      opengl32.dll

    • Size

      3.9MB

    • MD5

      e23a909c4d1f86e86dc366ae461fee04

    • SHA1

      295259f69918736ee71ddcf32347c75eb0154ee6

    • SHA256

      f522654ae4091305784e4a9cb532254f8cb5ba359e49e46ce47723c3d2eefc5a

    • SHA512

      3c61a6fbf631157cffb141cd0fed2cd5fd04b7d6f39d06adbb9a83a406ceffcdba269620cb6daba6ff44c5e831a15eec96dd207074099e183c07f32aeca91be8

    • SSDEEP

      49152:maKfYeGwtQUTd5Oc1eziEvRX5aU34b6Gi+JTpN9V93Sb6kmJcIvSpF+bEhr:mA2LD8RX4ff9Dkr

    Score
    1/10
    behavioral3

MITRE ATT&CK Enterprise v15

Tasks