Overview

overview

10

Static

static

3

fixer/DryIoc.dll

windows7-x64

1

fixer/DryIoc.dll

windows10-2004-x64

1

fixer/FastRsync.dll

windows7-x64

1

fixer/FastRsync.dll

windows10-2004-x64

1

fixer/Seri...ct.dll

windows7-x64

1

fixer/Seri...ct.dll

windows10-2004-x64

1

fixer/Seri...le.dll

windows7-x64

1

fixer/Seri...le.dll

windows10-2004-x64

1

fixer/Serilog.dll

windows7-x64

1

fixer/Serilog.dll

windows10-2004-x64

1

fixer/Win64.exe

windows7-x64

1

fixer/Win64.exe

windows10-2004-x64

10

fixer/loca...lf.dll

windows7-x64

1

fixer/loca...lf.dll

windows10-2004-x64

1

fixer/loca...43.dll

windows7-x64

3

fixer/loca...43.dll

windows10-2004-x64

3

fixer/loca...47.dll

windows10-2004-x64

1

fixer/loca...GL.dll

windows7-x64

1

fixer/loca...GL.dll

windows10-2004-x64

1

fixer/loca...v2.dll

windows7-x64

1

fixer/loca...v2.dll

windows10-2004-x64

1

fixer/loca...ef.dll

windows7-x64

1

fixer/loca...ef.dll

windows10-2004-x64

1

fixer/loca...lob.js

windows7-x64

3

fixer/loca...lob.js

windows10-2004-x64

3

fixer/msvcp140.dll

windows7-x64

1

fixer/msvcp140.dll

windows10-2004-x64

1

fixer/temp...se.dll

windows7-x64

1

fixer/temp...se.dll

windows10-2004-x64

1

fixer/temp...ent.js

windows7-x64

3

fixer/temp...ent.js

windows10-2004-x64

3

fixer/temp...ent.js

windows7-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fixer.zip

  • Size

    115.1MB

  • Sample

    240827-hyh64aydng

  • MD5

    3bc2f9bfb8ede7172d2bf6e8f9dacf3a

  • SHA1

    224d770b9fc11c09f4f058f6636273cb13e6d539

  • SHA256

    b289ea0b20dec50003128814ed38147ec248865b098f17aa82daf0c40f7c5d21

  • SHA512

    38f3098be91ca1526446e14bf6a61e8adc926a4b06f3f0b5c5cc7aa3d29a3aff8dbab8421e24296030a8cc413030b95a509bfc557c832ec3c13e6368de1208d3

  • SSDEEP

    3145728:Ug3tRhNK9g1OhNmNSvxGM9KyAHKuPZ9GsQe7cge3jIUcUB:fhcdeyxfW7PfGsQCecUL

Score
10/10
rhadamanthysdiscoveryexecutionstealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://144.76.133.166:8034/5502b8a765a7d7349/gful07nl.rfoel

Targets

    • Target

      fixer/DryIoc.dll

    • Size

      554KB

    • MD5

      3614ba0a72fc1bae3c7650e866be29b6

    • SHA1

      7018420b53146049b18d3df9f29b859960f54f28

    • SHA256

      68a873290a159f29aa5ec60f80834cb5dd38402998eb4fec62960dd9b34d02b8

    • SHA512

      959f80f2586075f1602b84ee8181065be5907387efc1ac88ef91f6d706dadcb38389cc6f8688e5f6eea2fd379eb849ffb1f12a7b167125e05eb046a48ab50ee8

    • SSDEEP

      12288:UtKvCt0reiDBTZszay59yp2UI2FgsjiK:UKDBTZszz2Fgsj

    Score
    1/10
    behavioral1behavioral2

    • Target

      fixer/FastRsync.dll

    • Size

      38KB

    • MD5

      5ccbae90f96321549df7293a69fd00ce

    • SHA1

      6876291449e8cebe614594012d95e7b3c11816eb

    • SHA256

      db6d2f79b0685d9cd7b40170d8bf1c030a7146c8e99d13356dfff90f5258221f

    • SHA512

      e4debcb296fb0edfba0ef079b28d2e982fadfff3f91e5737956d710d6579f32063d78b59d713153b2de559363546a377fa485ab49c086b7f91ceb9b049100b77

    • SSDEEP

      768:Bj/Sw4osc82s9jDfqgCkqRPiDDDDZvofvi/pBdMWjf0aFBM:BTSw4o5OjDygCvPiDDDDRofve3d+a4

    Score
    1/10
    behavioral3behavioral4

    • Target

      fixer/Serilog.Formatting.Compact.dll

    • Size

      8KB

    • MD5

      fdb7ad01c66a0c96174300167fadd249

    • SHA1

      38b9971de844165f164e37e2d234d16f6022636c

    • SHA256

      2d7dec266c5436f58ab620db4e3b5c83e550e7f76caff26eae8186b14b52cdd6

    • SHA512

      13df8a0ec363dc3a8f80114c64869db6f1233ae250df1bf48260cf62588065200d5a920f7d16d41faac4ddd4b9edd4d3383d1bbdb1849d120a145175d3a74d4a

    • SSDEEP

      192:qWXD5XkXCbi5gYcKczH9MhTitYTnqztOmQz:qw9XSCi5glNzdM1yYTnqztOmQz

    Score
    1/10
    behavioral5behavioral6

    • Target

      fixer/Serilog.Sinks.Console.dll

    • Size

      31KB

    • MD5

      c48bf7030e583e273e94e2d32b752a83

    • SHA1

      51666bcec96f529b1a28b72db54cc7fcdf68441d

    • SHA256

      ded3b57b64eca479f2a659a244e4c403ebfb83a9a9b30ced893c145e77affd29

    • SHA512

      475e61bbb4484f468548dd7590d1d0bcc19912b322eacf2960b32c2c3ff1084231ddf8e689735e385a1f43e9912f79a028eae136c7dc8e130f2d3dd1eaf1f004

    • SSDEEP

      384:obd/GivDfRbUqX+pMA84UfYN7hzWrJ7HFjA7Avraq9E6ZAlJrKanrLCyaz/JllAt:kx+pe4L10ajxHJl7u4WHjW

    Score
    1/10
    behavioral7behavioral8

    • Target

      fixer/Serilog.dll

    • Size

      123KB

    • MD5

      0aa45a8a1cd24cd2b589e4aad925f35d

    • SHA1

      0dc29954c4c2ffea4c33af0e56ce84158849b81e

    • SHA256

      7a26a473af5eb7a00196e275c86d773f36e1d4caef566f97f1df7e07e20b1670

    • SHA512

      7a865b16633c09bdecda34fdf15c62db4f04f2fb8db0abf57563aea51de67daf9eca0c08f053f551937a0c3c7987a53de2454ecb13139a193291633df7262981

    • SSDEEP

      3072:XfwtSQoXux2ogH8I/eXXXXXPXXXXXHXXXXXTaXXXXX14N0QXVsABFkNfM+HFukRb:PwtSQoXux2M3XXXXXPXXXXXHXXXXX2Xh

    Score
    1/10
    behavioral10behavioral9

    • Target

      fixer/Win64.exe

    • Size

      238KB

    • MD5

      01b8c89eb83646a038d9cb368e686bdb

    • SHA1

      5f217b7ec06fb5b96bb9f5c9def89f368b98cc58

    • SHA256

      40c823f1d6c00f1ea2482833d7c45773b6830cc812f5352aff102df63330aea7

    • SHA512

      6e5d7272088391c423feafe947310c049125aea22a1857b9f732d3d323cd11ab1c838fa1e056629f0882a91ec05cd33ac6f3cf0ec4bdb0c039f5a8416c7975d4

    • SSDEEP

      3072:3uw4AsOzMKuNIlQ/mciPffLHa1d+Dylq5YQooYJoT1jUWXYCJzVaXlZX:3N4AqKQmUmci3fO1d+/dPYajw7

    Score
    10/10
    rhadamanthysdiscoverystealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral11behavioral12

    • Target

      fixer/locales/chrome_elf.dll

    • Size

      535KB

    • MD5

      fc626beca1d1051a02b36a4405ef66fb

    • SHA1

      31891613416d61551d04b603a77fd8776d316b7b

    • SHA256

      8a06b6f35fde228a7aa55ce6d6a4cc84a0c3443468d618850a868ce4e56909bb

    • SHA512

      a444df40e7851cc268ea30854f104fee441556d12f5ba364fb63e636e76776f5eb2b5d595437dbdff3ea65d3faa9862d949d899bb07074718a252bf5217e4f57

    • SSDEEP

      12288:rfVyCOR2XJ9ikagT8NyUrZPPq+aVolf6:RyN2uka5dZPPqxl

    Score
    1/10
    behavioral13behavioral14

    • Target

      fixer/locales/d3dcompiler_43.dll

    • Size

      2.0MB

    • MD5

      1c9b45e87528b8bb8cfa884ea0099a85

    • SHA1

      98be17e1d324790a5b206e1ea1cc4e64fbe21240

    • SHA256

      2f23182ec6f4889397ac4bf03d62536136c5bdba825c7d2c4ef08c827f3a8a1c

    • SHA512

      b76d780810e8617b80331b4ad56e9c753652af2e55b66795f7a7d67d6afcec5ef00d120d9b2c64126309076d8169239a721ae8b34784b639b3a3e2bf50d6ee34

    • SSDEEP

      49152:DpX9JVeE9HP6Zpy9KyhMI50Du8LljslNsHSHFUq9OiapbbO5Akb:H3P9HP6Zpy9KyhMI50Du8LljslNsyHiS

    Score
    3/10
    discovery
    behavioral15behavioral16

    • Target

      fixer/locales/d3dcompiler_47.dll

    • Size

      4.3MB

    • MD5

      a7675ddea31dbacd14cc6e9199f7641f

    • SHA1

      876eb1d947d9fdf00da3f07ce1fa5499cb24f49d

    • SHA256

      d82f77d802ff05d4da0c82335a05613604da243513faa7fb145aaad0119bddb5

    • SHA512

      7abc51ced7230f916153167112a658eaff9cb6e59a23a1a59e3397e7bce9cd4f779dfc0a32a7148221768ae5477c01a53d2d4643355c1cc02aa40438c04b0376

    • SSDEEP

      49152:alhikm+oaxGv/qNDvJIBqvZvoWlPK1WbYDgm2gmyZkLF0KQRdjwuL2JVh9aeE:Kdn5MFirGr

    Score
    1/10
    behavioral17

    • Target

      fixer/locales/libEGL.dll

    • Size

      90KB

    • MD5

      50c717ab7624384b2b2d8a953263beb2

    • SHA1

      58d82865ab86a193f8f6ff1cbf7677525f6e217d

    • SHA256

      63580999b8210315b664e7742b6d4f59e587d20b4d0826072a5ef311c6f25b74

    • SHA512

      8caac7982eba6380df162b62353088339754ff211847e3921dd74f239e8a980d588b36db385acbd2ba0edcaebcfb4d272eb0405672dc158e58666b6f695a02b4

    • SSDEEP

      1536:KGP6HhCY9bVfdiVkfynyCjUzjBUpgmsWS4dMOe9dl58Zh3Cz0b:KGPG/xViVk4yOUz26KPWHiyzy

    Score
    1/10
    behavioral18behavioral19

    • Target

      fixer/locales/libGLESv2.dll

    • Size

      3.7MB

    • MD5

      dd3f55559ca3eb1a89e7d696c8c5de53

    • SHA1

      ce2785277d60aa366e6faf3c3318d5767a3d949e

    • SHA256

      99f261fa5a69dd2b3bd6192aaf72a0d9f88d769a311fac87963658a7573ec669

    • SHA512

      bd47d44177970c08bb645f0e92011b2c9143c016d2baaf03a55f26e5e4fc157f1273fda49320815c0cbaa34b531c7fd1f28fa37d2486104d486063b138d75739

    • SSDEEP

      49152:oVgDuIkH0auiXZR2oWisTDLKvka5A9rC1Mw50uaj3cRhONxp7Im8TV659Zx/M70M:QgDWXv96pjkwpcTB5Vf

    Score
    1/10
    behavioral20behavioral21

    • Target

      fixer/locales/libcef.dll

    • Size

      93.7MB

    • MD5

      cdabeb796e713cbd64f640f6ff2cbd6b

    • SHA1

      9b7827325d6fdc5b7faf38fb60ee8bf6bd25d120

    • SHA256

      801f122c61770d97af98f560e16b6279e3b65ba4eec0d9e1786f691b1bddf7a2

    • SHA512

      8c19b5dca1e7ac0a23d709a81665709c7150a7d216770aa804988866e91d8007e3a3da70f2a706637a1bf54f97a50cd3280253b315ea138327e6d3b5d852c761

    • SSDEEP

      786432:XiuGijJ73qONWPbl0WdCCzQP+u62ep8L:XiuGijd6ONibeWg8O2

    Score
    1/10
    behavioral22behavioral23

    • Target

      fixer/locales/natives_blob.bin

    • Size

      240KB

    • MD5

      94855c31f6c24656a6d67ceae0b04cca

    • SHA1

      1d5346516d5f1f7546d4400ca3eea55022ddd9bd

    • SHA256

      20210a0e530832a0267d584015eecb331c2ac0d841faf7b36feb9d326c32c113

    • SHA512

      1043759ed4b4e1df6f05724cf5132bbcf410bc5d6ffe791ad243a6c66a577965993d72908f032805bdc14ee8b69f93417535fcc8b38bfdb006de20f7c7b0d1c4

    • SSDEEP

      3072:kUotXVrxNpyXcsR/H/UxRjh7z5/w7JrMCOL2ZHJSSC/s9a:kUopVrxNpyXcsRf/UxRjhxw7JoCOLuI

    Score
    3/10
    execution
    behavioral24behavioral25

    • Target

      fixer/msvcp140.dll

    • Size

      641KB

    • MD5

      1294dc1ff823e6c42923fe4036d5b8d3

    • SHA1

      c4beef753952c9528955d2277b066ce66fc24d04

    • SHA256

      1e7c3c62581314fd7df2d80b3a12003c9041cb81de62fdb2db30313e1be940bc

    • SHA512

      a8bf580ea61a64a34a3fd144d3883b8c0a9103f65ad1bae40a7c768d67af00da9b6207833e9bdcf9e7dc6f88aa8b9c01413c97ecedb6067007774aad8292e559

    • SSDEEP

      12288:K5l2gpV/HN+uydfoHegQWBqf/qq3R5W8ZB4zmRzbatsViRUF9Wbh+:KLpNtVQ9f93PW8ZBS+zbI7sU8

    Score
    1/10
    behavioral26behavioral27

    • Target

      fixer/temp/OpenImageDenoise.dll

    • Size

      47.5MB

    • MD5

      43b8ae36fb551bb0226bb59cf21431ce

    • SHA1

      a18980353bce3abb27d40ec1e17b4d25f155c30d

    • SHA256

      11213c268e6c67262d48e7351e1f6c196acbb91a9a1cf059d4d758c34368f08a

    • SHA512

      26e3a28976ad880bafb12eba9d2fd7cf86cb21dcde465094a78ccb6aad4e33b0465dd8fad7df7c36a2787cb94010768e2e4c403ef24e4de2cefa7eb77e3d55ba

    • SSDEEP

      786432:hnytAKo2dZOplxaeiF9Oz6CJk9w5ksfQYOSCIAnrxeMMNKo6LnZyj4fm2YkLuyp0:MW3pqPFUzJgw5hfXOXHnrbMZOnC4fmtN

    Score
    1/10
    behavioral28behavioral29

    • Target

      fixer/temp/cef_100_percent.pak

    • Size

      608KB

    • MD5

      746bae279e8895628f973fc845dd9c87

    • SHA1

      d05e865b9a65d3bc520973f4f50e29923f4ba97b

    • SHA256

      090a1c57ffac91fd2ea8356d57ef9350116678cf0a276c62227b7748a1285533

    • SHA512

      e900403d85972c9002ce178c5d20dc97df397279c09f52e42415269042ec80e81bc7ca8ddaacd656cff1b1b2f8f503d80255c8895e4d7349c89b75c08079aa39

    • SSDEEP

      6144:uY0JHcSgEalEJxd0NvmdXWq1u8zwVKTukW/H2Rdx5c1YC7x1+fSCy1:uY02QukWHYlgf1Tp1

    Score
    3/10
    execution
    behavioral30behavioral31

    • Target

      fixer/temp/cef_200_percent.pak

    • Size

      683KB

    • MD5

      e7f07945027e3dda458431c935868fab

    • SHA1

      0205da51d3c9b70c9fed56dd3622f240f3c1f008

    • SHA256

      1ac018d5a628f3dfdd5bc97f72322790cf39c199361380860a3498274c524901

    • SHA512

      9926d872b8a2d1c1498b59c6cff15706f06ed3174e18eeca8c32e5fa2cd95c7b102734e115e97517c143f7c414c94a0788cfbd87839889731105c15b64004862

    • SSDEEP

      6144:o0JHcSgEalEJxd0NvmdXWq1uSDQYaRnHgs4jTlfkW/H2Rhz73QYV85u/oFwkoJoL:o023fFgs4jTFkWHYVg5u/oFwe3

    Score
    3/10
    execution
    behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

rhadamanthysdiscoverystealer
Score
10/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

execution
Score
3/10

behavioral25

execution
Score
3/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

execution
Score
3/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10