General

  • Target

    f0a8e6bfb2df4fde05ad87e36076e035156527790b8a239e420a8321d39e2c07

  • Size

    100.9MB

  • Sample

    240919-s27nzawhmp

  • MD5

    3fbbef2c27b833b13c0fc3cc7cb44211

  • SHA1

    52f29d0d64f0cf7eb2e689e874b0dde3ce4df908

  • SHA256

    f0a8e6bfb2df4fde05ad87e36076e035156527790b8a239e420a8321d39e2c07

  • SHA512

    76a06d5f29f160e2d0edcb834e6761200b3ba1f81cf82707ea487eb24aadff56e66dc69ada44d35ce5f84e28149e998935d0ec4f2bd975ba5c7dbca47c751a4f

  • SSDEEP

    3145728:MupSHIpUH+i4/WgGZaSHswXeR71uEedqdI+/UljhYD4wY:25tjfgU67Y

Malware Config

Extracted

Family

rhadamanthys

C2

https://147.124.220.233:7843/0a493f164c8de167e156e/s2u8lic7.93tn6

Targets

    • Target

      Copyright Infringement Notice - Noontalk Media/Copyright Infringement Notice - Noontalk Media.exe

    • Size

      6.1MB

    • MD5

      4864a55cff27f686023456a22371e790

    • SHA1

      6ed30c0371fe167d38411bfa6d720fcdcacc4f4c

    • SHA256

      08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2

    • SHA512

      4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb

    • SSDEEP

      98304:VZQIM+/nv/CDoAkYwpAa5ge1zZ/jtdZwUkQ:bJCKlA2VKUz

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

    • Target

      Copyright Infringement Notice - Noontalk Media/msimg32.dll

    • Size

      30.0MB

    • MD5

      1af8f73e9489faa89f1926f172f61834

    • SHA1

      2e949867d9a49e1a84846e1841597e9f3146a07b

    • SHA256

      44d01a2468c73a1424ed2edea0bc53e752bf09cfa06d88a3b85533c13d099a16

    • SHA512

      35ebcea08cb41f84df642cc298ee21bdfd76892385717ee2fc5f8edbb914ab98a5b23da80dc96db3fc6f4b24398c92b4b71d7e044fb1dd33a6f30d5ca11ea351

    • SSDEEP

      49152:fy9au4xzipYCfTR//UFZLOkALP7fi+HkENIT+:ggEpY6RmkkkXHtiT+

    Score
    3/10
    • Target

      Copyright Infringement Notice - Noontalk Media/rename_me.rename_me

    • Size

      130.0MB

    • MD5

      f158d3387c6e2cb1b482f7b7abee7e20

    • SHA1

      9aadedb8049339dd027a45bc733caa1f6f3dc7a9

    • SHA256

      c052369f476b624913e8aec1a3ba729d30b5d5f145c4c5c58d64f7d09cfa54b5

    • SHA512

      93e92533c93d966007eaf6fb35772e362326eb8bd321f1db28cfa98943277589a393081157a8832f162776127eb91974e3f93a2ea3475e936db1f228973bc40e

    • SSDEEP

      3145728:96lH+byk0ZggBznCh2HCea5bQ92NmDVr9XqnZGWp:

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks