Overview
overview
10Static
static
3Launcher.dll
windows7-x64
1Launcher.dll
windows10-2004-x64
1Launcher.exe
windows7-x64
10Launcher.exe
windows10-2004-x64
10data/appIn...er.dll
windows7-x64
1data/appIn...er.dll
windows10-2004-x64
1data/appIn...er.exe
windows7-x64
8data/appIn...er.exe
windows10-2004-x64
8data/appIn...AR.exe
windows7-x64
4data/appIn...AR.exe
windows10-2004-x64
4data/appIn...er.dll
windows7-x64
1data/appIn...er.dll
windows10-2004-x64
1data/appIn...er.exe
windows7-x64
8data/appIn...er.exe
windows10-2004-x64
8data/appIn...et.exe
windows7-x64
1data/appIn...et.exe
windows10-2004-x64
3General
-
Target
9bff935ec8c2618fe262d931924c031e18eee550d9701e3cfb83c07918fd02ce
-
Size
23.9MB
-
Sample
240827-pjyrkazgmh
-
MD5
4446b379278d2ca64882ec46015fc363
-
SHA1
460b05e7cfff86b484f657917ddc768cca2100e3
-
SHA256
9bff935ec8c2618fe262d931924c031e18eee550d9701e3cfb83c07918fd02ce
-
SHA512
923ad8a378a67198e5dbaabf9b94ca84d0ffac10f348f7e7c3d0a0b76717b3194556893a39dfc02038159cbaf5c5941573cb47bbee4598b02a410238092fcd1c
-
SSDEEP
393216:xvqrmxujE3K8U0y+t/nN3NZAv2ZV+jsmvGlAZlDhs5jiXhVeJFHVL/aRmuv3SLx4:srm84auySZLAv2LUMARs5jIVeJRF/aRn
Static task
static1
Behavioral task
behavioral1
Sample
Launcher.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Launcher.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Launcher.exe
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
Launcher.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
data/appInfo/services/Launhcer.dll
Resource
win7-20240705-en
Behavioral task
behavioral6
Sample
data/appInfo/services/Launhcer.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
data/appInfo/services/Launhcer.exe
Resource
win7-20240705-en
Behavioral task
behavioral8
Sample
data/appInfo/services/Launhcer.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
data/appInfo/services/WinRAR.exe
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
data/appInfo/services/WinRAR.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
data/appInfo/services/data/Launcher.dll
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
data/appInfo/services/data/Launcher.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
data/appInfo/services/data/Launcher.exe
Resource
win7-20240704-en
Behavioral task
behavioral14
Sample
data/appInfo/services/data/Launcher.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
data/appInfo/services/wget.exe
Resource
win7-20240708-en
Behavioral task
behavioral16
Sample
data/appInfo/services/wget.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
rhadamanthys
https://45.159.188.37:443/44194499adc4d2b753ee/gcj8ajmp.qnu3f
Extracted
amadey
4.41
3dae01
http://185.208.158.116
http://185.209.162.226
http://89.23.103.42
-
install_dir
239f17af5a
-
install_file
Hkbsse.exe
-
strings_key
91a6d9abcd7a774809c7ff7ced665178
-
url_paths
/hb9IvshS01/index.php
/hb9IvshS02/index.php
/hb9IvshS03/index.php
Targets
-
-
Target
Launcher.dll
-
Size
3KB
-
MD5
84ac8cf047eb0d115d6134573ea2b347
-
SHA1
9e494ff3290c4d021c7dc4b71b068d30485dd92c
-
SHA256
c8515089831c29cdb6fd82018eccad2878fb74a5393d628faa393ba63931bbe4
-
SHA512
99415a376cb61adaee687d6b75610d9248b9b8f91960867ec804c42e25890e1f96eedc6f4cb7f9659dde015b1d20da28ac3550147ff9194ed434bf4fb1313388
Score1/10 -
-
-
Target
Launcher.exe
-
Size
364KB
-
MD5
93fde4e38a84c83af842f73b176ab8dc
-
SHA1
e8c55cc160a0a94e404f544b22e38511b9d71da8
-
SHA256
fb07af2aead3bdf360f555fc872191e43c2f0acbfc9258435f9a30afe272ba03
-
SHA512
48720aebe2158b8a58fc3431c2e6f68271fbade51303ad9cb5b0493efaec6053ff0c19a898841ef7c57a3c4d042ac8e7157fb3dc79593c1dfcdcf88e1469fdec
-
SSDEEP
6144:MpS9kEFKbITUvR8cy8dzQ7Lcf3Si96sfO+2RZrTql9unNrkYqliwrqH1JWP6f:Mp8KLBzQ7Lcf3SiQs2FTTql9unNrkvT2
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
XMRig Miner payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Creates new service(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
-
-
Target
data/appInfo/services/Launhcer.dll
-
Size
3KB
-
MD5
6cced0a38b185030835bf8857633c159
-
SHA1
4f1604d5e67894fb6b054f8ac82122fa8ad69ed6
-
SHA256
f15ae3d7b9d5310f53939148cf8fe58c8078086e934628ad2c3a611a59181e36
-
SHA512
576c4e937b13050ca408445242db266e43c02dc1ec8ea567994594bd624c276bb20c46b94cf54cfe1ac36091bb4cf9959df1403b4838ab15fa10c75f119e18cc
Score1/10 -
-
-
Target
data/appInfo/services/Launhcer.exe
-
Size
364KB
-
MD5
e5c00b0bc45281666afd14eef04252b2
-
SHA1
3b6eecf8250e88169976a5f866d15c60ee66b758
-
SHA256
542e2ebbded3ef0c43551fb56ce44d4dbb36a507c2a801c0815c79d9f5e0f903
-
SHA512
2bacd4e1c584565dfd5e06e492b0122860bfc3b0cc1543e6baded490535309834e0d5bb760f65dbfb19a9bb0beddb27a216c605bbed828810a480c8cd1fba387
-
SSDEEP
6144:+pS9kEFKbITUvR8cy8dzQ7Lcf3Si96sfO+2RZrTql9unNrkYql6wrEJWPYg:+p8KLBzQ7Lcf3SiQs2FTTql9unNrkv75
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
data/appInfo/services/WinRAR.exe
-
Size
2.1MB
-
MD5
f59f4f7bea12dd7c8d44f0a717c21c8e
-
SHA1
17629ccb3bd555b72a4432876145707613100b3e
-
SHA256
f150b01c1cbc540c880dc00d812bcca1a8abe1166233227d621408f3e75b57d4
-
SHA512
44811f9a5f2917ccd56a7f894157fa305b749ca04903eeaeca493864742e459e0ce640c01c804c266283ce8c3e147c8e6b6cfd6c5cb717e2a374e92c32a63b2c
-
SSDEEP
49152:2oJAPtSHWxwJWzkDVkwg5NYUzNjteyUHBdH3y005:2ZAHWSxkfNNte9BpCN
Score4/10 -
-
-
Target
data/appInfo/services/data/Launcher.dll
-
Size
6KB
-
MD5
6e7b8b4200d14198c2a6c2c7617a78db
-
SHA1
b4d87db35a6cb1630a78e50939317f7c68a5303d
-
SHA256
91436d2eb99775eef9b6e543c089794f851d750924d3aaede3627623fd0a7f2e
-
SHA512
72aaa8307509aa26782e3954511f0d6306c9cffce312566b91036f173cd763f2d621f907cc3646cb0c0881ef066b7ec10d784eeb4c47c732812bb3eb3ddeb99d
-
SSDEEP
192:+8FORePdnuJmiDo40PMZ21E70j+oitcoU8:ZORE2kjkAhjFD8
Score1/10 -
-
-
Target
data/appInfo/services/data/Launcher.exe
-
Size
364KB
-
MD5
93fde4e38a84c83af842f73b176ab8dc
-
SHA1
e8c55cc160a0a94e404f544b22e38511b9d71da8
-
SHA256
fb07af2aead3bdf360f555fc872191e43c2f0acbfc9258435f9a30afe272ba03
-
SHA512
48720aebe2158b8a58fc3431c2e6f68271fbade51303ad9cb5b0493efaec6053ff0c19a898841ef7c57a3c4d042ac8e7157fb3dc79593c1dfcdcf88e1469fdec
-
SSDEEP
6144:MpS9kEFKbITUvR8cy8dzQ7Lcf3Si96sfO+2RZrTql9unNrkYqliwrqH1JWP6f:Mp8KLBzQ7Lcf3SiQs2FTTql9unNrkvT2
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
data/appInfo/services/wget.exe
-
Size
4.9MB
-
MD5
8c04808e4ba12cb793cf661fbbf6c2a0
-
SHA1
bdfdb50c5f251628c332042f85e8dd8cf5f650e3
-
SHA256
a7b656fb7a45f8980784b90b40f4a14d035b9dc15616465a341043736ec53272
-
SHA512
9619f96c3180ef3d738ecc1f5df7508c3ff8904021065665c8388a484648e135105e1c1585de1577c8b158f9b5bc241e3ff7f92665e9553e846e1b750ddea20f
-
SSDEEP
98304:bHObnQdOb3OWEqNHeHq6PdOnS8SOGdVilQeHPpXF0aGOVxuGqYE6hpAl/70pzd+Z:bHInQ5WE2HeHq61OJSOGdVilQeHPpXFA
Score3/10 -
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
2PowerShell
2System Services
2Service Execution
2Persistence
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Change Default File Association
1Power Settings
1Privilege Escalation
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Change Default File Association
1Defense Evasion
Impair Defenses
1Modify Registry
3Subvert Trust Controls
1Install Root Certificate
1