Analysis
-
max time kernel
30s -
max time network
13s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
27-11-2024 09:54
General
-
Target
OSU-FREEDOM-main/freedom.exe
-
Size
539KB
-
MD5
32b86751d376ef214a26e50eecc6e67d
-
SHA1
b6b7a830578cfe154b6c27d18ea7761630bb5363
-
SHA256
60710a8b3e9d7b6985e6a2eab5c7ed57e2ee776db285ba69cc5b53c36110770f
-
SHA512
00ee95b52e926173dc8dc85d6a0b21d5eb54e99a91047292be6e761b61bcd467d1551d30715707b67642741803e0c463f64b4ce1a2c72be2d7415b2dffee31f5
-
SSDEEP
12288:gE50GSHrG6W42JcycysY0V3D9wCV+QnXGwnUP345WRgG3OkGGs/Lwmm:h+GSHrG6W42JcychY0FD9wCVPHw3yeJF
Score
10/10
Malware Config
Extracted
Family
rhadamanthys
C2
https://95.214.55.177:2525/a8ee4140c073de1ec851bc2b/black.api
Signatures
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Rhadamanthys family
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\dialer.exe"C:\Windows\system32\dialer.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\AppData\Local\Temp\OSU-FREEDOM-main\freedom.exe"C:\Users\Admin\AppData\Local\Temp\OSU-FREEDOM-main\freedom.exe"1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.8MB
-
Filesize
4.0MB
-
Filesize
4.0MB
-
Filesize
4.0MB
-
Filesize
2.0MB
-
Filesize
4.0MB
-
Filesize
620KB
-
Filesize
760KB
-
Filesize
620KB
-
Filesize
4.0MB
-
Filesize
4.0MB
-
Filesize
36KB
-
Filesize
2.8MB
-
Filesize
4.0MB
-
Filesize
760KB
-
Filesize
2.0MB
-
Filesize
4.0MB