Overview

overview

10

Static

static

3

Provadeidi...do.zip

windows7-x64

1

Provadeidi...do.zip

windows10-2004-x64

1

Prova dei ...do.exe

windows7-x64

10

Prova dei ...do.exe

windows10-2004-x64

10

msimg32.dll

windows7-x64

3

msimg32.dll

windows10-2004-x64

3

Resubmissions

31-01-2025 10:14

250131-l9xemsvmdn 10

31-01-2025 10:10

250131-l7qt3sspat 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Provadeidirittidiproprietchestaiviolando.zip

  • Size

    6.6MB

  • Sample

    250131-l9xemsvmdn

  • MD5

    514f6ef2a0510aa24e913ecd081cc137

  • SHA1

    0f61dd23e8c0dc2cd31a2f3da78c66a9a7c602ba

  • SHA256

    4345cdfa4a21ab91c144f93d77a4b4c94b732a98f38c0bb6aaa792810ee8bb46

  • SHA512

    fbac18b496a6dd8c668f938c5b6b0fd5e1f5cde9db5ce510a5c86729898938dfcea53ce72c3eee3477e4ca7d743c112749cd721404172878f61f29bd67448c01

  • SSDEEP

    98304:mrMSjP7idUYvi2GqVo19zhBwn2gvMjQfIv/WxmvC2S8M9dAcxkgu4qy0:mIYPkfq9jxgUjFv/EmvC2S80Aekf4qy0

Score
10/10
rhadamanthysdiscoverypersistencestealer

Malware Config

Targets

    • Target

      Provadeidirittidiproprietchestaiviolando.zip

    • Size

      6.6MB

    • MD5

      514f6ef2a0510aa24e913ecd081cc137

    • SHA1

      0f61dd23e8c0dc2cd31a2f3da78c66a9a7c602ba

    • SHA256

      4345cdfa4a21ab91c144f93d77a4b4c94b732a98f38c0bb6aaa792810ee8bb46

    • SHA512

      fbac18b496a6dd8c668f938c5b6b0fd5e1f5cde9db5ce510a5c86729898938dfcea53ce72c3eee3477e4ca7d743c112749cd721404172878f61f29bd67448c01

    • SSDEEP

      98304:mrMSjP7idUYvi2GqVo19zhBwn2gvMjQfIv/WxmvC2S8M9dAcxkgu4qy0:mIYPkfq9jxgUjFv/EmvC2S80Aekf4qy0

    Score
    1/10
    behavioral1behavioral2

    • Target

      Prova dei diritti di proprietà che stai violando.exe

    • Size

      6.1MB

    • MD5

      4864a55cff27f686023456a22371e790

    • SHA1

      6ed30c0371fe167d38411bfa6d720fcdcacc4f4c

    • SHA256

      08c7fb6067acc8ac207d28ab616c9ea5bc0d394956455d6a3eecb73f8010f7a2

    • SHA512

      4bd3a16435cca6ce7a7aa829eb967619a8b7c02598474e634442cffc55935870d54d844a04496bf9c7e8c29c40fae59ac6eb39c8550c091d06a28211491d0bfb

    • SSDEEP

      98304:VZQIM+/nv/CDoAkYwpAa5ge1zZ/jtdZwUkQ:bJCKlA2VKUz

    Score
    10/10
    rhadamanthysdiscoverypersistencestealer

    • Detects Rhadamanthys payload

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Rhadamanthys family

      rhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

      persistence
    behavioral3behavioral4

    • Target

      msimg32.dll

    • Size

      42.6MB

    • MD5

      774f23f2abfa59b196af762383abe606

    • SHA1

      62766fa96d2800d4c83a6446bd3cc850a17913d0

    • SHA256

      46c92438d6f6fb21091621ba0e0175402880d8c5f90b22004a9d32167936d3d4

    • SHA512

      23865d5163fbed5a6366bd2e4e581605feebed18803ddc101c6910d895f4dfa6aee7b995e1fd69549f1a60d53f94d728266cfd1167f3f2444ac88eaf186777ae

    • SSDEEP

      98304:GHcqJrZ+wMjFg7Zriml4ObF5VyHu3fqRfxWs3nRP2jbww3:YcqJrZ+5jFg7Zrb4+F513OWs3nRun3

    Score
    3/10
    discovery
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks