Overview

overview

10

Static

static

3

IOC.zip

windows7-x64

1

IOC.zip

windows10-2004-x64

1

SensApi.dll

windows7-x64

10

SensApi.dll

windows10-2004-x64

10

视频和�...us.exe

windows7-x64

10

视频和�...us.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IOC.zip

  • Size

    1.4MB

  • Sample

    241126-d9jjsasngw

  • MD5

    f1b00142524ba8a4ddc691388a5020fb

  • SHA1

    eaabba82a1c6689eb07ff4629daed8bc153fe42d

  • SHA256

    4b33219c5cadb4d741044874f6f0184d45f43891d28ad5b489716d4da21310fd

  • SHA512

    97ef7b89461a18a09adb5de37605e385c7bb5a2143f6df5b413747f78517fe032632adac51ddbe35b6904a7a306eabc1bfe67474a2cdf16e633c73b0bd0e9570

  • SSDEEP

    24576:+Rjjcd4pTEcRst4DRCFT2+Ob902gk6OesN9yWHnBgqKErnV5y/u/0t2O:+1TTEcRsGRmT2NgnKN9fHiErnV5y/M0b

Score
10/10
rhadamanthysdiscoverypersistencestealer

Malware Config

Extracted

Family

rhadamanthys

C2

https://95.169.204.214:9855/8255b5411e443eeb9780e/gnkkm53f.k5sne

Targets

    • Target

      IOC.zip

    • Size

      1.4MB

    • MD5

      f1b00142524ba8a4ddc691388a5020fb

    • SHA1

      eaabba82a1c6689eb07ff4629daed8bc153fe42d

    • SHA256

      4b33219c5cadb4d741044874f6f0184d45f43891d28ad5b489716d4da21310fd

    • SHA512

      97ef7b89461a18a09adb5de37605e385c7bb5a2143f6df5b413747f78517fe032632adac51ddbe35b6904a7a306eabc1bfe67474a2cdf16e633c73b0bd0e9570

    • SSDEEP

      24576:+Rjjcd4pTEcRst4DRCFT2+Ob902gk6OesN9yWHnBgqKErnV5y/u/0t2O:+1TTEcRsGRmT2NgnKN9fHiErnV5y/M0b

    Score
    1/10
    behavioral1behavioral2

    • Target

      SensApi.dll

    • Size

      1.9MB

    • MD5

      7b5b5391950e247ea71476dced1a4817

    • SHA1

      650ab434b877a4dfaab4984fb60ac8906e090e22

    • SHA256

      4560efffe292602f48a57073a98fcf7424549bbfab76e1bf646330151717d669

    • SHA512

      500fecb16a8441e8a061c6fff5552bc69497e74f8ecac54b8b439ea3aa6bab59bab42dd9ffab813ec197859d3feca6488a1f163d88ada813685015e195a3dc15

    • SSDEEP

      49152:OLbVkg26M9R/2LU5WNDPbu3UgEZLOkALP7fi6HW2C1:OPB1M9R/2LU54DPbuWkkkrHW2C1

    Score
    10/10
    rhadamanthysdiscoverypersistencestealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Rhadamanthys family

      rhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

      persistence

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral3behavioral4

    • Target

      视频和图片资料被盗版 - Music Plus.exe

    • Size

      1.0MB

    • MD5

      b89a82fb10e98f2fdf51fa82c7366dd3

    • SHA1

      dd814833bbb4600a835dd5dee1eaab826d2923b6

    • SHA256

      154a791e737a878965eb50ea879bc96857ef88602d94e169a75b1a6607e6018e

    • SHA512

      5c6389dd767c6cc983ab7e4b67a5196c1892f781b47839c49d9863e37a531b458bd7092597a5c8b98271906e7df067e8ac5b1faaec036b1c06ba04508951a6e4

    • SSDEEP

      12288:eCAo1EtxbJ5Ai5BMZPxSLEFHC+85GgPSTf8YRf6xQNU3Op:eCAo1EtxbDlKP859PSTFRfHNU3K

    Score
    10/10
    rhadamanthysdiscoverypersistencestealer

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Rhadamanthys family

      rhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

      persistence

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks