General

  • Target

    launcher.exe

  • Size

    35.9MB

  • Sample

    241011-n8gznswekq

  • MD5

    8493c18b6abe1c949cdfb7b85607ea12

  • SHA1

    1b68df0319a0899e5ded197a6114f9af712d39b4

  • SHA256

    87eec7252ebb3103d6cec3600bbba578226dff35786744b716948726a7443bc3

  • SHA512

    e86b2a2889594a647ac467bb653fb2cee975dc31378ee2607fa28508af948a347015e93c87bf2e4fc69ddea94c558e19b9144efceff80186cdac6eb036f650c6

  • SSDEEP

    393216:+1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfd:+Mguj8Q4Vfv1qFTrY6

Malware Config

Targets

    • Target

      launcher.exe

    • Size

      35.9MB

    • MD5

      8493c18b6abe1c949cdfb7b85607ea12

    • SHA1

      1b68df0319a0899e5ded197a6114f9af712d39b4

    • SHA256

      87eec7252ebb3103d6cec3600bbba578226dff35786744b716948726a7443bc3

    • SHA512

      e86b2a2889594a647ac467bb653fb2cee975dc31378ee2607fa28508af948a347015e93c87bf2e4fc69ddea94c558e19b9144efceff80186cdac6eb036f650c6

    • SSDEEP

      393216:+1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfd:+Mguj8Q4Vfv1qFTrY6

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks