General
Target
f0a8e6bfb2df4fde05ad87e36076e035156527790b8a239e420a8321d39e2c07
Size
100.9MB
Sample
240919-s27nzawhmp
MD5
3fbbef2c27b833b13c0fc3cc7cb44211
SHA1
52f29d0d64f0cf7eb2e689e874b0dde3ce4df908
SHA256
f0a8e6bfb2df4fde05ad87e36076e035156527790b8a239e420a8321d39e2c07
SHA512
76a06d5f29f160e2d0edcb834e6761200b3ba1f81cf82707ea487eb24aadff56e66dc69ada44d35ce5f84e28149e998935d0ec4f2bd975ba5c7dbca47c751a4f
SSDEEP
3145728:MupSHIpUH+i4/WgGZaSHswXeR71uEedqdI+/UljhYD4wY:25tjfgU67Y
Behavioral task
behavioral1
Sample
Copyright Infringement Notice - Noontalk Media/Copyright Infringement Notice - Noontalk Media.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Copyright Infringement Notice - Noontalk Media/Copyright Infringement Notice - Noontalk Media.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Copyright Infringement Notice - Noontalk Media/msimg32.dll
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
Copyright Infringement Notice - Noontalk Media/msimg32.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
Copyright Infringement Notice - Noontalk Media/rename_me.pdf
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
Copyright Infringement Notice - Noontalk Media/rename_me.pdf
Resource
win10v2004-20240802-en
Malware Config
Extracted
rhadamanthys
https://147.124.220.233:7843/0a493f164c8de167e156e/s2u8lic7.93tn6
Targets
Target
Copyright Infringement Notice - Noontalk Media/Copyright Infringement Notice - Noontalk Media.exe
Size
6.1MB
MD5
4864a55cff27f686023456a22371e790
SHA1
6ed30c0371fe167d38411bfa6d720fcdcacc4f4c
SHA256
08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2
SHA512
4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb
SSDEEP
98304:VZQIM+/nv/CDoAkYwpAa5ge1zZ/jtdZwUkQ:bJCKlA2VKUz
Score 10/10
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
Suspicious use of NtCreateUserProcessOtherParentProcess
Adds Run key to start application
Target
Copyright Infringement Notice - Noontalk Media/msimg32.dll
Size
30.0MB
MD5
1af8f73e9489faa89f1926f172f61834
SHA1
2e949867d9a49e1a84846e1841597e9f3146a07b
SHA256
44d01a2468c73a1424ed2edea0bc53e752bf09cfa06d88a3b85533c13d099a16
SHA512
35ebcea08cb41f84df642cc298ee21bdfd76892385717ee2fc5f8edbb914ab98a5b23da80dc96db3fc6f4b24398c92b4b71d7e044fb1dd33a6f30d5ca11ea351
SSDEEP
49152:fy9au4xzipYCfTR//UFZLOkALP7fi+HkENIT+:ggEpY6RmkkkXHtiT+
Score 3/10
Target
Copyright Infringement Notice - Noontalk Media/rename_me.rename_me
Size
130.0MB
MD5
f158d3387c6e2cb1b482f7b7abee7e20
SHA1
9aadedb8049339dd027a45bc733caa1f6f3dc7a9
SHA256
c052369f476b624913e8aec1a3ba729d30b5d5f145c4c5c58d64f7d09cfa54b5
SHA512
93e92533c93d966007eaf6fb35772e362326eb8bd321f1db28cfa98943277589a393081157a8832f162776127eb91974e3f93a2ea3475e936db1f228973bc40e
SSDEEP
3145728:96lH+byk0ZggBznCh2HCea5bQ92NmDVr9XqnZGWp:
Score 3/10