Overview
overview
10Static
static
10ComponentF...it.dll
windows7-x64
1ComponentF...it.dll
windows10-2004-x64
1D3DX9_43.dll
windows7-x64
1D3DX9_43.dll
windows10-2004-x64
1Krypton.Toolkit.dll
windows7-x64
1Krypton.Toolkit.dll
windows10-2004-x64
1Mono.Cecil.dll
windows7-x64
1Mono.Cecil.dll
windows10-2004-x64
1Mono.Nat.dll
windows7-x64
1Mono.Nat.dll
windows10-2004-x64
1Vestris.Re...ib.dll
windows7-x64
1Vestris.Re...ib.dll
windows10-2004-x64
1XWorm.exe
windows7-x64
10XWorm.exe
windows10-2004-x64
10General
-
Target
XWorm.rar
-
Size
3.8MB
-
Sample
241103-dr2bwasqcv
-
MD5
72ed99d6168329b94021eaf282af0552
-
SHA1
0be0ad479efa7b5d3021b06ab5f6b71f858ba08f
-
SHA256
463eb31b863993ffc7ebd1e67a593c0fc01bfcef367a988191926facfb93d93a
-
SHA512
b11c5657389e8e6f5af5bdbef2b22daef62e26484117c9a30de184a63980e6108cd804e43db7494f24057eaeec32ced7ab5ebd6f7aedb6467a207a209a2bd2a7
-
SSDEEP
98304:AdRaDzmLW/nQDItjvhd8cMOBmYS1svAJFFa6XmeuwSqUjGMtokcqh:AAearjJd8vNYNQFzEvBVtoFqh
Behavioral task
behavioral1
Sample
ComponentFactory.Krypton.Toolkit.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ComponentFactory.Krypton.Toolkit.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
D3DX9_43.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
D3DX9_43.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
Krypton.Toolkit.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
Krypton.Toolkit.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Mono.Cecil.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
Mono.Cecil.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
Mono.Nat.dll
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
Mono.Nat.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
Vestris.ResourceLib.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
Vestris.ResourceLib.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
XWorm.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
XWorm.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
rhadamanthys
https://195.3.223.126:4287/9d0dc091285eb9fbf2e/o8f3c8oj.8rdif
Targets
-
-
Target
ComponentFactory.Krypton.Toolkit.dll
-
Size
2.8MB
-
MD5
129884de0e136521fd650c59b2633e82
-
SHA1
43fea10a62670568c00a2910c3ee6fc1ceaa1bdc
-
SHA256
8c69f5df110bc1a61bdc3d8754ebfd3f49d9d995b9dd129accaf88371ce71e30
-
SHA512
fbd40a8dd172449de46cecc08cdc2078409e5d893426364630c974903499c617f8cca2f4fd52cf030a835a376e140daf113a6d385027a9e2ede289ba32c8da43
-
SSDEEP
24576:9aA+gKf9mE6kWF2IaltkdgZUfoOJtMl6X1ZTJxf9VqY7djlb1IqdGsUfSYqsyb:UIaltkdgqHJtMl6XD7h7Nh1ImYqsy
Score1/10 -
-
-
Target
D3DX9_43.dll
-
Size
2.3MB
-
MD5
7160fc226391c0b50c85571fa1a546e5
-
SHA1
2bf450850a522a09e8d1ce0f1e443d86d934f4ad
-
SHA256
84b900dbd7fa978d6e0caee26fc54f2f61d92c9c75d10b35f00e3e82cd1d67b4
-
SHA512
dfab0eaab8c40fb80369e150cd36ff2224f3a6baf713044f47182961cd501fe4222007f9a93753ac757f64513c707c68a5cf4ae914e23fecaa4656a68df8349b
-
SSDEEP
49152:dbCJsk4VlPXA+15Om5wxw9Qsi55K+31BhZ64nW:YIIBnW
Score1/10 -
-
-
Target
Krypton.Toolkit.dll
-
Size
4.3MB
-
MD5
068b4f05eb35479a419bc55da643781e
-
SHA1
1d0fe6bb23bbd63dc6d4248f7c17afcf4bc16dea
-
SHA256
477ebd61ce116c6908a1cd1e50bc93869f6f7b9c3e0e5757551e6dd2a01b4648
-
SHA512
f9022c7d91364519f5b773fd641741637f89a4f4f8eb1406d1c594e0a286724cea7494fb047e810bbed0579b6870db49a6828b1c79808e4554d762f326a87dcc
-
SSDEEP
49152:tmB08naO5IDdOBQNJxtk7ryrDdkny3y+sUFdRcRkMb2J:Mu8naO5oj9k7rODdlmHOMbO
Score1/10 -
-
-
Target
Mono.Cecil.dll
-
Size
277KB
-
MD5
8df4d6b5dc1629fcefcdc20210a88eac
-
SHA1
16c661757ad90eb84228aa3487db11a2eac6fe64
-
SHA256
3e4288b32006fe8499b43a7f605bb7337931847a0aa79a33217a1d6d1a6c397e
-
SHA512
874b4987865588efb806a283b0e785fd24e8b1562026edd43050e150bce6c883134f3c8ad0f8c107b0fb1b26fce6ddcc7e344a5f55c3788dac35035b13d15174
-
SSDEEP
6144:iYOMWAEq+PAEwGQ9Xivs0s4EtS1Fv8jnLKdFvkPo2:AG+PpjQSHv8jA
Score1/10 -
-
-
Target
Mono.Nat.dll
-
Size
40KB
-
MD5
bf929442b12d4b5f9906b29834bf7db1
-
SHA1
810a2b3c8e548d1df931538bc304cc1405f7a32b
-
SHA256
b33435ac7cdefcf7c2adf96738c762a95414eb7a4967ef6b88dcda14d58bfee0
-
SHA512
9fcfaf48bfe5455a466e666bafa59a7348a736368daa892333cefa0cac22bcef3255f9cee24a70ed96011b73abea8e5d3dbf24876cffa81e0b532df41dd81828
-
SSDEEP
768:yoVesKx0V2LpibQJxoKUDHj560aSX3zlJAO:lVespQibC+H56k3fF
Score1/10 -
-
-
Target
Vestris.ResourceLib.dll
-
Size
76KB
-
MD5
64e9cb25aeefeeba3bb579fb1a5559bc
-
SHA1
e719f80fcbd952609475f3d4a42aa578b2034624
-
SHA256
34cab594ce9c9af8e12a6923fc16468f5b87e168777db4be2f04db883c1db993
-
SHA512
b21cd93f010b345b09b771d24b2e5eeed3b73a82fc16badafea7f0324e39477b0d7033623923313d2de5513cb778428ae10161ae7fc0d6b00e446f8d89cf0f8c
-
SSDEEP
1536:5Z0R489PUoltCY19T7Uf5DYoRvtkA2MNmjYgGKeK9jXGYWs:L0R489PUeCy7Uf5pVCMwjVG/K9jp
Score1/10 -
-
-
Target
XWorm.exe
-
Size
456KB
-
MD5
515a0c8be21a5ba836e5687fc2d73333
-
SHA1
c52be9d0d37ac1b8d6bc09860e68e9e0615255ab
-
SHA256
9950788284df125c7359aeb91435ed24d59359fac6a74ed73774ca31561cc7ae
-
SHA512
4e2bd7ce844bba25aff12e2607c4281b59f7579b9407139ef6136ef09282c7afac1c702adebc42f8bd7703fac047fd8b5add34df334bfc04d3518ea483225522
-
SSDEEP
6144:2uWP/BtSnurUylcrGYlnIttxv8HbcLgsd1Gus5psdrvV44dixP+MHDkBYdxtG9+V:2uWP/BZUyoLu8Agsmxwrvejkd2
Score10/10-
Detect rhadamanthys stealer shellcode
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Rhadamanthys family
-