General

  • Target: game_2024.zip
  • Size: 2.0MB
  • Sample: 240825-fp197swcmd
  • MD5: 7c77a4f104c0d5f3ea91450d39720107
  • SHA1: b324b8486826ba1073fce3f869b2d4a997bf7c45
  • SHA256: e9c20fc894aaa64d5b2e4b00ab97194f6e0ceadd79bbc206cb41632567b5894a
  • SHA512: 863760ac65c8857b6e79026e1a7ea7506177fd8465ed8875c390dd71a9907111b5e696e74b9d3417871f366dd095546788d4d070e86eb0f9902023dc95112d2c
  • SSDEEP: 49152:Jf1XJrN8RWlJOc2AEvo8nAxL8TlBhp7lHFeEsj:J9XRF8vnAx4T/DlHFp4

Malware Config

Extracted

  • Family: rhadamanthys
  • C2: https://154.216.18.122:2013/fb9e53a2cacd52/hkabqexs.2mj2h

Targets

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks