General

  • Target

    Deadly Beta (password 2121).rar

  • Size

    4.1MB

  • Sample

    240826-mdck2azfnn

  • MD5

    fd43928e9192b49c74be9e3228831088

  • SHA1

    a4f310330abf5988eef1e69e1c7280df5bcee923

  • SHA256

    3e0faf2368d158b927fe8ddf8cc45c18465fd663545652dcf11812db0e039429

  • SHA512

    33d181f02812d7179c1e0bdd995bb0ee38bb3b008a908cac91dd18356b025c051f19bb72fb41803d06135cf6fe92b6f1b8af0c934a06601aed9d930ab990f963

  • SSDEEP

    98304:f3eCSqzMGzAv3DraKk9rszstKgoGz0jDtVJRb98FPD:fukyvi99rszst7l8tVJRc

Malware Config

Extracted

Family

rhadamanthys

C2

https://144.76.133.166:8034/5502b8a765a7d7349/2exkmrnd.gl5ss

Targets

    • Target

      Launcher.exe

    • Size

      442KB

    • MD5

      32294ae4ad2063b44a4d31cad44ad9ff

    • SHA1

      24313fdc2cff34a0065b4643f40fe44ba4a2fbc1

    • SHA256

      bb6ece8edf1cab4336f7178b9e158edf9e8fc0b966ceefd157dc1f5d119f309f

    • SHA512

      e2449493a32a622b40bd06c05f709e065e1b3002ed0ff6b48c594eb226f4e807b9c65cc3bad4934bd984920001d02b52f357dd3d440b762ee63b44be10ece290

    • SSDEEP

      6144:1JidrNEDu9O0EfUJfnzAfe4JM4LG17vIxwzrv+job91QLNupN/REjITFpARZN4tQ:1odaaqU981gvQn0bMuCEFaR79swnhEO

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of SetThreadContext

    • Target

      WebView2Loader.dll

    • Size

      154KB

    • MD5

      577f05cd683ed0577f6c970ea57129e0

    • SHA1

      aedf54a8976f0f8ff5588447c344595e3c468925

    • SHA256

      7127f20daa0a0a74e120ab7423dd1b30c45908f8ee929f0c6cd2312b41c5bddf

    • SHA512

      2d1aea243938a6a1289cf4efcd541f28ab370a85ef05ed27b7b6d81ce43cea671e06a0959994807923b1dfec3b382ee95bd6f9489b74bba59239601756082047

    • SSDEEP

      3072:R8AhKsY0iHlDhvlUQN2gWNZ6hVThFEtqQbucPqAJwU:usY0+lNv6E2JYEtzbuuV

    Score
    1/10
    • Target

      res_mods/1.23.0.0/scripts/client/gui/mods/mod_a.pyc

    • Size

      114KB

    • MD5

      a2f3ded45da8870e93e5d2186dab27e8

    • SHA1

      3f8e0cddecc3827b33ec02cd78d192c18f1ddf82

    • SHA256

      fc19237a4e9ae65829dbde384ce0de2c78b22d9577384dded9d4cde569a12742

    • SHA512

      438621491061c7f14f59c48d0d2fdd637a17c058df13417e21d660d81632dbb826a6144032f6f9192ab9bb0afb46b8f6cf3982879dc9942261c2538dbd17187c

    • SSDEEP

      3072:k6BVH7SBjeSCbupKVfG2yQJ23J+Svsy9k/TukuPMh:zrbKeWmDyQ+13kOPMh

    Score
    3/10
    • Target

      res_mods/1.23.0.0/scripts/client/gui/mods/mod_a.xml

    • Size

      1KB

    • MD5

      ff03ec17ee5f13070dd50717620ffbc0

    • SHA1

      3243099738c6b40d2fdcaae8b16fef280b5eb835

    • SHA256

      8e7d953780ef22d302a154cc504a0e13ff031b9177f9b20708bfd8ee9ddad7ed

    • SHA512

      535f4c9f6911ebb0843d0d8c58b2613cbf5122281b50b056918e693e0db9d9daf54fb17b744ec14f95929673868fdb516f8d1f5330bf930a486c9d502fb7c2fd

    Score
    3/10
    • Target

      res_mods/1.24.0.0/readme.txt

    • Size

      53B

    • MD5

      1a4884dcdb1a8908bee1099dc846f896

    • SHA1

      ca6b6f8b0a5ee2116163c7c5026d65adebab61a6

    • SHA256

      83ab826c036bb841639276fa0e2b2d7dd07165cd2f17a039d0b3d0118d5c3f19

    • SHA512

      e8cde35ffd67c94386faedb5caa70a1d6c2e076138ffe5d0c418e60efd2cc8ca53d2ca3b9268897ab4afd2c0328aa7383ef99ee59145ddc72f20007095ef3fa2

    Score
    1/10
    • Target

      res_mods/1.25.0.0/readme.txt

    • Size

      53B

    • MD5

      1a4884dcdb1a8908bee1099dc846f896

    • SHA1

      ca6b6f8b0a5ee2116163c7c5026d65adebab61a6

    • SHA256

      83ab826c036bb841639276fa0e2b2d7dd07165cd2f17a039d0b3d0118d5c3f19

    • SHA512

      e8cde35ffd67c94386faedb5caa70a1d6c2e076138ffe5d0c418e60efd2cc8ca53d2ca3b9268897ab4afd2c0328aa7383ef99ee59145ddc72f20007095ef3fa2

    Score
    1/10
    • Target

      updates/icudtl.dat

    • Size

      9.8MB

    • MD5

      65c6337820fbe9bf2498a9395e3b20f2

    • SHA1

      5cc62646e6c73b4be276d08719bc5e257af972bb

    • SHA256

      33da1cdda18eaea52011d40ae9a610cac9f6466156e9803891ee77294607aee4

    • SHA512

      4800f03577a46a98a4bd786dc37a380f4169540e243fdb7835e3146fba0d0e1d07a7e3ec8cd23566feb00d204d582d678698ae61db156339fe56229de0b267c9

    • SSDEEP

      196608:g7UPty2ACLA2cliXUxR0jHz93Whl96p6VJQ:V12CLAZliXUxR0jHz93Whl96p6VJQ

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks