General

  • Target

    6ea2b5143078d89828fbcb105b90a693.exe

  • Size

    13.8MB

  • Sample

    240829-glxy2swgrd

  • MD5

    6ea2b5143078d89828fbcb105b90a693

  • SHA1

    dbfe2845b56a4eaa60015dc001162c3023158d21

  • SHA256

    84fa854d9295a49125aaa8faeb5f5a75f7d133dbbfb4831430e20d5d3dc417ac

  • SHA512

    bffbbfb1c62d3ebadc3977d591c052d54289bc4b4348afe7c0096f9d1b709461fb66f3c8ede5a29670847b344364d1b33651807c83ab8f8c2c6f0f9f27e34f47

  • SSDEEP

    393216:saawEVI99NrEPFn6JdXG1w2fIVtRGpFI0+mdkO0pGYIg:saGaPce218VtRG7vTkO0cM

Malware Config

Extracted

Family

rhadamanthys

C2

https://147.45.47.72/9fcc2685c3ccafd/bkqam9uj.vgdc6

Targets

    • Target

      6ea2b5143078d89828fbcb105b90a693.exe

    • Size

      13.8MB

    • MD5

      6ea2b5143078d89828fbcb105b90a693

    • SHA1

      dbfe2845b56a4eaa60015dc001162c3023158d21

    • SHA256

      84fa854d9295a49125aaa8faeb5f5a75f7d133dbbfb4831430e20d5d3dc417ac

    • SHA512

      bffbbfb1c62d3ebadc3977d591c052d54289bc4b4348afe7c0096f9d1b709461fb66f3c8ede5a29670847b344364d1b33651807c83ab8f8c2c6f0f9f27e34f47

    • SSDEEP

      393216:saawEVI99NrEPFn6JdXG1w2fIVtRGpFI0+mdkO0pGYIg:saGaPce218VtRG7vTkO0cM

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Creates new service(s)

    • Stops running service(s)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Target

      ⌚/stepao.exe

    • Size

      423KB

    • MD5

      7313e7456fbaf0d2554570c77897abf1

    • SHA1

      850e156c7b58ab4b7ae5eedc0c8a396d33930d3d

    • SHA256

      2fc82bf903409c53ed2b488b7920be9df0c60835d12bb21c45c27384e4a1ff38

    • SHA512

      62cdd0914b5c150f615c2f7e56e5f106308387d9ef4d045a54e4f32280d6abbfefb1ace4ad7123881e437567df5566ff0c872555df913d534ebf43c56c8d6cd0

    • SSDEEP

      6144:YAYM3ZEWqf/qwPF7LR5W8ZJ74zmRiOFBbMh9q/JSl3ChNeK06iiRzmi0F9:YWBqf/qq3R5W8ZB4zmRzbaYsViRUF9

    Score
    1/10
    • Target

      ⌚/withrobot.exe

    • Size

      14.8MB

    • MD5

      02071fe1b9c8d6ade8dafa0a71600503

    • SHA1

      5b547e72386e43c291bceea5b7d0e8f51469cd3c

    • SHA256

      00c32e90c14f9c866a30256c8499e753397c7385e4a3fbcdc86515b9ee563faf

    • SHA512

      1c4b1c1cb788f08dea954b795d4e0bbd7c028aa5655ce23af805243d06d1c96ef687b0788343182c1d0307e9c76088e4d53e4506e5a4f8d1707001e6549b487a

    • SSDEEP

      393216:9kmzxXRKFz5EKqq7EBCuE/FFicGW8bBekvN:97xXRKFdlP9ijbBvv

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks