Overview

overview

10

Static

static

3

anubisspoofer.rar

windows7-x64

3

anubisspoofer.rar

windows10-2004-x64

3

Anubis.exe

windows7-x64

10

Anubis.exe

windows10-2004-x64

10

spooferconfig.dll

windows7-x64

1

spooferconfig.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    anubisspoofer.rar

  • Size

    2.2MB

  • Sample

    240928-lyq4gszbkp

  • MD5

    6170ea8536ac22e4fe9765d466eb2475

  • SHA1

    75fd34b11bc71181131c0d8bec005d6d9b0c87bc

  • SHA256

    939cdd940184fa0be3ac8de9330d66e144d93396098713278e736e6ab1396f72

  • SHA512

    120b17b2364f579e0e95e7a06358d4f175f5d599c884b7e8de0d384d12e908b80dd5b011d3d7ba643e99d4cc58b7813f71e98a9e95ab8b8f131a391a0253edf0

  • SSDEEP

    49152:NnnY9AataBTX5T8oqMldG7p7DlvSIC2mZac6BYfX9gUmGMP0xBiMh8Y9p:NnnPBTX5T88lE97D62+nPXfnc0riMfD

Score
10/10
rhadamanthysdefense_evasiondiscoverystealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://195.3.223.126:4287/9d0dc091285eb9fbf2e/o8f3c8oj.8rdif

Targets

    • Target

      anubisspoofer.rar

    • Size

      2.2MB

    • MD5

      6170ea8536ac22e4fe9765d466eb2475

    • SHA1

      75fd34b11bc71181131c0d8bec005d6d9b0c87bc

    • SHA256

      939cdd940184fa0be3ac8de9330d66e144d93396098713278e736e6ab1396f72

    • SHA512

      120b17b2364f579e0e95e7a06358d4f175f5d599c884b7e8de0d384d12e908b80dd5b011d3d7ba643e99d4cc58b7813f71e98a9e95ab8b8f131a391a0253edf0

    • SSDEEP

      49152:NnnY9AataBTX5T8oqMldG7p7DlvSIC2mZac6BYfX9gUmGMP0xBiMh8Y9p:NnnPBTX5T88lE97D62+nPXfnc0riMfD

    Score
    3/10
    behavioral1behavioral2

    • Target

      Anubis.exe

    • Size

      1.2MB

    • MD5

      c2adb7ff42f1c961035f17bad5bee12d

    • SHA1

      e2ae36539f9ff88e8a89d750e99d15ea6e84f0dc

    • SHA256

      4b350ae0b85aa7f7818e37e3f02397cd3667af8d62eb3132fb3297bd96a0abe2

    • SHA512

      16413f90689cfa3fc509637bea54634ead1bba7f89d621bbc8096279f2413cd3477142a63becfa457e5756583c34049699ab1e960d1133dad2f72e3325ecb348

    • SSDEEP

      24576:uDDgbYd14JwD00GR/L4Sgh5ovGpuIGPBgyjhgQJ8L/inWS:gcbILXoO3p9GP6ydk/inWS

    Score
    10/10
    rhadamanthysdefense_evasiondiscoverystealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

      defense_evasion
    behavioral3behavioral4

    • Target

      spooferconfig.dll

    • Size

      6.0MB

    • MD5

      f553ad722875c02d5b45f5c975ceb771

    • SHA1

      867f41aa5b67cf7e15e3efe6cb4360f8f415fa6e

    • SHA256

      35f12093577d9c58fe7858ca26a935aaf409269057a9a8bdf975693d6dfe208a

    • SHA512

      041924f9a64d626d1a3b7111de968f11cc08d384b9dcd47e832744bc195d71d6f58bf06cc9f14fcf31a2f1490230779d9a1afd70e8eb836424fd14d59e6f663b

    • SSDEEP

      49152:Z9EWdahQOLgGyX6lRu6vz3ZLZh/qNwffAj3g/bTqSk6Fi0Lp5eo0Jvn:DaNFz3Z3/lgQ/6Sj5wv

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks