Overview

overview

10

Static

static

6

msimg32.dll

windows7-x64

10

msimg32.dll

windows10-2004-x64

10

rename_me2.pdf

windows7-x64

3

rename_me2.pdf

windows10-2004-x64

3

저작권 ...LC.exe

windows7-x64

10

저작권 ...LC.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    00086cf4f35b6fb7f897cfa2f0d5ad9876aa9819cdc87416c798005ce901d3a1

  • Size

    98.6MB

  • Sample

    241122-mnpcksvncq

  • MD5

    8f72042331c0c359af694ca4db0b5f81

  • SHA1

    c3e9aa463d3a88ea34d3edf3a29754843137c11f

  • SHA256

    00086cf4f35b6fb7f897cfa2f0d5ad9876aa9819cdc87416c798005ce901d3a1

  • SHA512

    d7e145a1c0d2b6f2f94d51f02a5308c3ff54266a5c6addb227c1d1e52232d0e16d870d4f31d3aa929cf79fb39ad3f07ad5ed9d3099bd41682be33accd6d6d6e5

  • SSDEEP

    3145728:R9WmBuj5V9/97h+8ZYqk/t5YVuxflmaKameBjn9NghzrvuN:Qbmtzm8/BhqrvuN

Score
10/10
rhadamanthysdiscoveryevasionpdfpersistencestealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://15.235.176.166:8344/ecda3896be16ad7255/82pwxrmt.osobm

Targets

    • Target

      msimg32.dll

    • Size

      1.9MB

    • MD5

      ba8a29088dd3dc919f90ef70c65e38dc

    • SHA1

      c4a61b1115e3827bd324449427a66fc15fcb6f79

    • SHA256

      9bdf49b27fd4d80ef087f63e0bfa0a0822686814863eca09ac506404ad76dfda

    • SHA512

      2981fd23165bd8a24fafc3ed95879d25f1a452a625a43fa07538b67f733a7d5f383519e895d374f573ce2183afac62e7aa8c27d84d626174026d5a2efcdb14ed

    • SSDEEP

      24576:rdqeOXnrNOEMudreb7LVkhdyJYKkbg6psPyWwxnMqfbc5MU47iA8koWOmydA7iRC:rtZA+rMVL7pZLOkALP7fiRHkG

    Score
    10/10
    rhadamanthysdiscoverypersistencestealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Rhadamanthys family

      rhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

      persistence

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral1behavioral2

    • Target

      rename_me2.renameextension

    • Size

      220.0MB

    • MD5

      65062141a5aa00068b12b74a85d67b41

    • SHA1

      5ba2d2c53978b4de3a123d79fa3ed60e93d86a48

    • SHA256

      133be53c484a7d2f18f7919a393b60f4276f7900417bcd7bfecdbe977e750fb4

    • SHA512

      d9bdde0c7293acbdf4410b454cfd9a1ed6d645b69a108d88292cc3008d42909934d269d03c94d06e4868b1b2d0c6b0a260a3dfaacca9338e227452c307998231

    • SSDEEP

      3145728:96lH+byk0ZggBznCh2HCea5bQ92NmDVr9XqnZGWp:

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      저작권 침해 이미지 및 비디오 - Yulchon LLC.exe

    • Size

      1.2MB

    • MD5

      5cf6fc455c22989cf2e224c6427d3ae2

    • SHA1

      cee9351944a767ee26e6933f5725d4f223a9a474

    • SHA256

      d10fb204173471ea2394e877e6c354085e82488cd82d685bb31ffb40e73cd2f0

    • SHA512

      da54844ed075a3fc5c9099b134b9fa839434314dd3ad2a5832e4abca116970d80c45b14ca22193d41abfacbcececb42c82cc66abc73dedf681d0ee86adbc97bc

    • SSDEEP

      24576:vtdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5xax0vTx96jA:FqTytRFk6ek1x3j

    Score
    10/10
    rhadamanthysdiscoverypersistencestealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Rhadamanthys family

      rhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

      persistence

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks