Overview

overview

10

Static

static

10

0024f2af21...c2.exe

windows7-x64

10

0024f2af21...c2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0024f2af21d239ce45c14ce295b28ac2.exe

  • Size

    11.1MB

  • Sample

    240829-glbe2sydpk

  • MD5

    0024f2af21d239ce45c14ce295b28ac2

  • SHA1

    51c27e4c16ef9b68874ced062d29e357a380d25b

  • SHA256

    eabcd20c183903046a1d28b72a6178da24879d8057594334ce300bc969c7e23d

  • SHA512

    741edd582ce34c352c6965cc4487408b18e63e2fb0bb5ae8c103de5c02e56cb22fa80c83d3b69b03b6e315fd7694ffa22d948adbe2f3eb38f5eb5ed4c1fad545

  • SSDEEP

    196608:MOJ9gF/d8f23gg1tvLpPEBKqY1iyvB6nBtPISH95B08fVBTyRKfqrUM+kLsOiLlU:MOJ9gF/d8f23gg1ZLpPEBKqY1iyvB6n6

Score
10/10
hijackloaderrhadamanthysdiscoveryloaderstealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://5.42.99.131:443/e0bd9c1f4515facb49/m58gpf5u.6eabm

Targets

    • Target

      0024f2af21d239ce45c14ce295b28ac2.exe

    • Size

      11.1MB

    • MD5

      0024f2af21d239ce45c14ce295b28ac2

    • SHA1

      51c27e4c16ef9b68874ced062d29e357a380d25b

    • SHA256

      eabcd20c183903046a1d28b72a6178da24879d8057594334ce300bc969c7e23d

    • SHA512

      741edd582ce34c352c6965cc4487408b18e63e2fb0bb5ae8c103de5c02e56cb22fa80c83d3b69b03b6e315fd7694ffa22d948adbe2f3eb38f5eb5ed4c1fad545

    • SSDEEP

      196608:MOJ9gF/d8f23gg1tvLpPEBKqY1iyvB6nBtPISH95B08fVBTyRKfqrUM+kLsOiLlU:MOJ9gF/d8f23gg1ZLpPEBKqY1iyvB6n6

    Score
    10/10
    hijackloaderrhadamanthysdiscoveryloaderstealer

    • Detects HijackLoader (aka IDAT Loader)

    • HijackLoader

      HijackLoader is a multistage loader first seen in 2023.

      loaderhijackloader

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks