General

  • Target

    0024f2af21d239ce45c14ce295b28ac2.exe

  • Size

    11.1MB

  • Sample

    240829-glbe2sydpk

  • MD5

    0024f2af21d239ce45c14ce295b28ac2

  • SHA1

    51c27e4c16ef9b68874ced062d29e357a380d25b

  • SHA256

    eabcd20c183903046a1d28b72a6178da24879d8057594334ce300bc969c7e23d

  • SHA512

    741edd582ce34c352c6965cc4487408b18e63e2fb0bb5ae8c103de5c02e56cb22fa80c83d3b69b03b6e315fd7694ffa22d948adbe2f3eb38f5eb5ed4c1fad545

  • SSDEEP

    196608:MOJ9gF/d8f23gg1tvLpPEBKqY1iyvB6nBtPISH95B08fVBTyRKfqrUM+kLsOiLlU:MOJ9gF/d8f23gg1ZLpPEBKqY1iyvB6n6

Malware Config

Extracted

Family

rhadamanthys

C2

https://5.42.99.131:443/e0bd9c1f4515facb49/m58gpf5u.6eabm

Targets

    • Target

      0024f2af21d239ce45c14ce295b28ac2.exe

    • Size

      11.1MB

    • MD5

      0024f2af21d239ce45c14ce295b28ac2

    • SHA1

      51c27e4c16ef9b68874ced062d29e357a380d25b

    • SHA256

      eabcd20c183903046a1d28b72a6178da24879d8057594334ce300bc969c7e23d

    • SHA512

      741edd582ce34c352c6965cc4487408b18e63e2fb0bb5ae8c103de5c02e56cb22fa80c83d3b69b03b6e315fd7694ffa22d948adbe2f3eb38f5eb5ed4c1fad545

    • SSDEEP

      196608:MOJ9gF/d8f23gg1tvLpPEBKqY1iyvB6nBtPISH95B08fVBTyRKfqrUM+kLsOiLlU:MOJ9gF/d8f23gg1ZLpPEBKqY1iyvB6n6

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

    • Hijackloader family

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Rhadamanthys family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks