General

  • Target

    launcher.exe

  • Size

    35.9MB

  • Sample

    241014-ch9ffswbkd

  • MD5

    a005515ec895596dedf37353c36cf316

  • SHA1

    2194e563495ee86dde3e81ef7a38f954ce37f649

  • SHA256

    b4319210ed63ced7b431ef15430a5a98dadf9601af2ec882d00b48e1aefca6c8

  • SHA512

    2a7314a91e745e4a4b67db70acb445a187eaf18f71ec9b81aba7a1794ee9e4413ec6ecd47c4a36813bd1b1a184cded750cebaf57fd4873664791f8848765f170

  • SSDEEP

    393216:M1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfc:MMguj8Q4VfvPqFTrYb

Malware Config

Targets

    • Rhadamanthys

      Rhadamanthys is an information stealer written in C++, first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks