General

  • Target

    Installer-master-BlackMythWukong.rar

  • Size

    54.8MB

  • Sample

    240831-rjmemsxerr

  • MD5

    ee0ca9deced958f712b37416ded0ec77

  • SHA1

    cc2f57bc78c61b50b76605975ffc2271fce60bf7

  • SHA256

    b28507f5d646bff668608fd5815137dc2317f2536bfd9dcbb4c412506b31856c

  • SHA512

    fbf9d3ff8d5754aafab9f19b2c44b6c60d1e1b80f0fbf5b8cd492a4f6d82f38be225ee4e1e3d46251d1349e9d5f1be66f8cf11b2e6c1d0b60390193e589431e9

  • SSDEEP

    786432:yK9FbHTJiZVCh7UZaMwuM1nfRZ+bs4ZuRJhHxgqCiIFGD0TvjihWrc2oVNVjZc51:pLd8ChPuqfjis4ZuRJhaqqBTIIR1

Malware Config

Targets

    • Target

      Driver_x32.exe

    • Size

      1.9MB

    • MD5

      d3601e19000f0745812b600b57e10ab1

    • SHA1

      b63e17df4e73234390f610769d013456c5e07131

    • SHA256

      4b8390a4dcc7a6fee0e6f336f1f968863f324ca56ec597089d63ef10e9a1f9de

    • SHA512

      ce8740d0ab032a80ea0f1e44162d6a2eba646adc77caaa4c5906ca6038df10e0f461259fa86282d22ebc1a1522114d78194362a9a1556180dc9a0603bae86335

    • SSDEEP

      49152:etO4J7W69DooDY0W5y9wM216qN+I/8gUKMMWmeqtKicIPWC:p4u0W5y9wM216qPUj4eqt0ID

    • Score

      4/10

    • Target

      Installer-master-BlackMythWukong.msi

    • Size

      43.8MB

    • MD5

      4cbea3318f7107adb73e10fd8de96abf

    • SHA1

      c6db50f856e92e5b0fa2f4b3855cbd58aa408fc1

    • SHA256

      395c44cce9624a5750c97c313b5ede45ea36dd623bc71f7d1bf2e4964492dcd4

    • SHA512

      724291101a4859c8e700ff762e48f6e2ded60fed23bfd64be7c438552c885b22d35b693ec03c2d234afe60d9defdc39ada77fedd9d3c881710935aa4e4f9b931

    • SSDEEP

      786432:H8JJ5v6bZ0no3r27KIvSOcaVWfoyI4aEK0Gpqq++mFIjqEKrdLi9VMkryQs:HC5i10noy7KS/RVLCqpP++mF+gLBf

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Modifies file permissions

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks