rhadamanthys

Sharing

Copy URL

Twitter E-mail

General

Target

Ch3ck0-dj.zip
Size

7.4MB
Sample

250203-rmk1zstkdw
MD5

980d992ca27b138cef7ebdfef4f0fdc6
SHA1

8428a7d86b188a6aac0a6262d7d3ca5f1102fe43
SHA256

cc95afa3bcfc0c265b5df90c4b354f95ef382ee875cd2f5ee2aaf3c60ed0e475
SHA512

480ac5466ded3ea6aafed8b24a3a12006bf33c34140ecb777f07f47075b4f5dfc041b6b0fcfb0f75388f43d7cea18820efa0318355e3cac061ada1723b9dcdb0
SSDEEP

196608:S53yaSXsp4M0/gnSVICWoC2HojNu8zkpxcRwuBqEN9P/:S5rSX3Z4nweUcbzkJ8v/

Score

10^/10

Malware Config

Targets

- Target
  
  Ch3ck0-dj.zip
- Size
  
  7.4MB
- MD5
  
  980d992ca27b138cef7ebdfef4f0fdc6
- SHA1
  
  8428a7d86b188a6aac0a6262d7d3ca5f1102fe43
- SHA256
  
  cc95afa3bcfc0c265b5df90c4b354f95ef382ee875cd2f5ee2aaf3c60ed0e475
- SHA512
  
  480ac5466ded3ea6aafed8b24a3a12006bf33c34140ecb777f07f47075b4f5dfc041b6b0fcfb0f75388f43d7cea18820efa0318355e3cac061ada1723b9dcdb0
- SSDEEP
  
  196608:S53yaSXsp4M0/gnSVICWoC2HojNu8zkpxcRwuBqEN9P/:S5rSX3Z4nweUcbzkJ8v/
Score

1^/10
behavioral1
- Target
  
  ChjokM3.zip
- Size
  
  7.4MB
- MD5
  
  4b6301c2eeb463cd15abc38dafd1d376
- SHA1
  
  7448f8c2f372c816a91f3d05f237d32482a8a5ce
- SHA256
  
  b4b37536412dddffe6d1dce13f44777dbee23d93b464b84331ee09b95a6f3420
- SHA512
  
  1198bd39adc5f0b5edb300b72cccbab185ca0698235e4b3fb7ae01a2305a3978723c59eaaae42e4912bc5c7e4ce6190e5b0d94d3d474e8eaa76abf7175f777df
- SSDEEP
  
  196608:qegIP3fx667hvWKxKDCh0vM4ws51AHgoCE7OlOC/Ar/m:qdQ667ZWvOh0/x1147OlV/uO
Score

1^/10
behavioral2
- Target
  
  ChjokM3/BoostrappersFGD.exe
- Size
  
  1.3MB
- MD5
  
  6b2997fc7396a92dba36300b22919eb5
- SHA1
  
  668b7686960603f860850fb3b4717bd339557784
- SHA256
  
  b3372fca3eb452875f5627f99b6c963684102a0f09f1fefd604f153de24b6ea7
- SHA512
  
  6eddc2191c1859e5fe6a0045dc1797ef40e07760430662380c25e760fe45879a1c7f0ffa940154fc37f6c8e6b0017c66ed2b210f897739d6cefba2729764af51
- SSDEEP
  
  24576:+zIp4NTME223+C0S1/B8TlsPPU++BoAunC6XtANU0poZslGtZ6GltIF0IU+LB:fdElzp1yTG3h+5uC6qxJQH57ImIJLB
Score

10^/10

rhadamanthys discovery stealer
- Detects Rhadamanthys payload
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Rhadamanthys family
  rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Enumerates processes with tasklist
  discovery
behavioral3
- Target
  
  ChjokM3/Load/af.pak
- Size
  
  327KB
- MD5
  
  c9312ff081e600e5fb4483b46ddd7c23
- SHA1
  
  1ff05a6a06cc73caf2d7545a3821d90c228ac0af
- SHA256
  
  b1987cdcbb8d76598422aa1739a246ed6690dc1b211f950fcbf2f040491ed7a8
- SHA512
  
  20c136b44770aa0e06259687656675a3e14310ea4e8ba214726b216bc1bcad6026267bf0132cbca642c0b5c49293386d0a1bd93ba40e1c33b648ae70416e8898
- SSDEEP
  
  6144:ZP+kgc+kVWlEvC9Z5D49Em7kLjB6oAYxjYgDbwxesB+xSK1IA3y25tHwDwv22iGe:ZPfclEvC2im4LjB6oAYxjYgDbwAVSK16
Score

3^/10
behavioral4
- Target
  
  ChjokM3/Load/am.pak
- Size
  
  531KB
- MD5
  
  e8bac983607c5432f789afdacdda42ac
- SHA1
  
  95c26f47f7102be338263fd7f7e365632651f22e
- SHA256
  
  ee363b88697a26d486c77bbf05f5f7f62d4b40c235e1d85e11448083070576f7
- SHA512
  
  5e26f40c8dc088d21b9b6a01041ece3bd4b2899ee33fdd85be995545c7a24860fdc9c672da8c9345a08891e0bac04ccf4d65de543f4cfba0bab0ae3fb32354c7
- SSDEEP
  
  12288:GguzxX8xfzKsEYg95z9SBeuUPQvx30jH8+I:GX8xfzKnYg95z9SBoPQr
Score

3^/10
behavioral5
- Target
  
  ChjokM3/Load/ar.pak
- Size
  
  574KB
- MD5
  
  d1d99f4f2045531edc47d37a367402bd
- SHA1
  
  825385e524ece779c641a4ce2a57d14ff126d509
- SHA256
  
  bfa2a3c3ebb3c6afbca42cb70b4da8f997068d511cf40ee8a952a893b8f9d7cd
- SHA512
  
  4255b02c19ed373d711068a2d4639d462372071cc2aadb6afce459d9fe19bda21ffcbf1604e4937617cd5fee996f9b3786be1c2bed4dc4919d849c7a988a6ac0
- SSDEEP
  
  12288:el2RFtqr0jXjiRp8DvYUBuSYRrA5SNbr+ATg8Y3MgSEN6h:m2Ru1fRk52+M
Score

3^/10
behavioral6
- Target
  
  ChjokM3/Load/bn.pak
- Size
  
  780KB
- MD5
  
  cb203032925be270222dc2c20fe771e2
- SHA1
  
  2f2f20bbbd07ee01cc996247bd9c2f40037dff80
- SHA256
  
  297d52b252df0912490ddf26fa58706895e70c2a0f3f09d0dc756706720095ef
- SHA512
  
  052be75c51051949c84216566b462733b61026ba74e212b000cbed7d93cb852e74ae83d64d2eaadc3093af4265b6783184cf8e0368a75e077d4b75daba40f9b4
- SSDEEP
  
  3072:Kw+ZjJj+E7z0eC6HcvR1kgBbdawSU5ZwXll4:4tJXZ78vRNBbdz5ily
Score

3^/10
behavioral7
- Target
  
  ChjokM3/Load/cs.pak
- Size
  
  377KB
- MD5
  
  3e2c49143f4718ddd9c1c74f8599fac2
- SHA1
  
  7cce45de66a3895c3493b998fef7bedf045b29e2
- SHA256
  
  08e40f5efc616cdc0588fb4b1a706d997c69d17ddaf97eb91a4aabafaa11cee6
- SHA512
  
  a849ca0d09e0d4c025d9de6c8008c13e13581961c321f53a552deeaa210db891914386fd51673615aec8b5d8d68a921a968db5d0fe447963892ceb0948861e3d
- SSDEEP
  
  6144:QhKH/gwYPl/XACAjRe15q8+Y1zAXn5q8QM:9fgdPl/Q3e15q8+Y1AXnF
Score

3^/10
behavioral8
- Target
  
  ChjokM3/Load/da.pak
- Size
  
  342KB
- MD5
  
  f3a47e259c59de0aabef03e6b5a263ca
- SHA1
  
  c45bd961c8bb84331d652f4399675b365f5dfe23
- SHA256
  
  13c9583127d9d723801c946039e60f72dbbde898dd23fb9f675b9e299d0ce72a
- SHA512
  
  4249456e572403249580905f1b4b4471b6a8d84c6c71201c42adc862d4e0d33f957ae1057109e900a10a029a8dfc45257b0e0e283ad9eca21a30498a0795eff2
- SSDEEP
  
  6144:eAzv/f19wl6qKJwRXFGZO2Z5nYryGzOWi05TWwc:5H9IF85Yr5T0
Score

3^/10
behavioral9
- Target
  
  ChjokM3/Load/el.pak
- Size
  
  664KB
- MD5
  
  8f5a15560710db2af852512b7298b93e
- SHA1
  
  30a13ebef10108effbad8c24b680228660658415
- SHA256
  
  bc07e403272a4d65305fe24a827404d7b931d01cda547f8c07a840d19e591430
- SHA512
  
  e3cedc0eaa82b10a68a40aca8ec1379a6bb924766e1c5abd97e39c621dcbc195d6c1ff80921c2320f0f1c87d160bc2a6258108399876339e5104f98d90a861de
- SSDEEP
  
  12288:RdquNwK202pgaZH4q5OaPY3HvO9K63/fgBsbfFnxHuhWTT9rkv0pfBtMMkffFZig:RdquNwK202pgaWqsaA3Hm9K63/fgBs9I
Score

4^/10

discovery
behavioral10
- Target
  
  ChjokM3/Load/en-US.pak
- Size
  
  302KB
- MD5
  
  3fef69b20e6f9599e9c2369398e571c0
- SHA1
  
  92be2b65b62938e6426ab333c82d70d337666784
- SHA256
  
  a99bd31907bbdc12bdfbff7b9da6ddd850c273f3a6ece64ee8d1d9b6ef0c501c
- SHA512
  
  3057edfb719c07972fd230514ac5e02f88b04c72356fa4a5e5291677dcbab03297942d5ecdc62c8e58d0088aed4d6ea53806c01f0ea622942feb06584241ad2d
- SSDEEP
  
  6144:yoaiWmH9xPN6DacNMP9elahdQfaYejDJDsN5ySMZswS:taiWF+cNMbhd7jDJi5ySEswS
Score

3^/10
behavioral11
- Target
  
  ChjokM3/Load/es-419.pak
- Size
  
  366KB
- MD5
  
  13c6d0a268545541f325375d431b41ae
- SHA1
  
  5f5c41348f00c5e5539d261c2b76ae6e3ec7af83
- SHA256
  
  943fa8774ade38d57349a5d27869097a782bc06bd34c40864a85ba829457d127
- SHA512
  
  09cbb2b21304ca8afa8b760b738adb5422e83550085f1aed8e8590eeef04a2b0e131e1ead6723c3e85383630c483d7720e55f71305ff4821d7822fe6d7aa4252
- SSDEEP
  
  3072:rt+uPUzEx0HrKJBjQMU0dmdv5jrqMCOyu0sdzPh7buhwwJ3Os57lLfGLFg3WSszj:rt+o+I0H6nUxv5rYQQJH5sLFg3WSsTG6
Score

3^/10
behavioral12
- Target
  
  ChjokM3/Load/et.pak
- Size
  
  330KB
- MD5
  
  054865950b3b9e8312a7f9490268eaca
- SHA1
  
  28b0176112eddb7af58386b4f8aed4a49b9a2661
- SHA256
  
  3599e7138a24a31839da877cc9718b9c0c9522437ea93a6222a119080f108d14
- SHA512
  
  bfc72f19ad1a52c0da82409accb33a27b2844ed29010207268c7d695ad7562a8867a87b70ac50142909b50b81a5c84d6f6a43968353ae7a72bc042aea8cbb59f
- SSDEEP
  
  6144:GPJXg42WkHwGkDmzZpDM0djry2zuJbT/RcLvihV15Ujc43ceLfLPQu:6JuvymrDbWF15Ujf
Score

3^/10
behavioral13
- Target
  
  ChjokM3/Load/fa.pak
- Size
  
  535KB
- MD5
  
  c27431f2de37b9643b83e383f7eae5a8
- SHA1
  
  16d068d9738e1aa9b94658299a4eac3972520864
- SHA256
  
  bb28ad47e95aefaa2d8d7b6a7f449f9707cfadbcd4c21bad8bd8a6578108d2cd
- SHA512
  
  4ccc46dc7756ea0e60e6d278bcac1262a54ba03742fd0eb4d9f1f962486394fa56491844871dacb4cb0501c6f594334d3f23f3db82bfdfa1f938e1ae609d6600
- SSDEEP
  
  12288:aGz43DX9nuya1jfwHLwNUaGSSfStQvueKT+JwMTAKzIxRAQiHedNu3htodxWetlh:aF3luya1jfwrwNUaGSSfStQvueKT+Jw7
Score

3^/10
behavioral14
- Target
  
  ChjokM3/Load/fi.pak
- Size
  
  338KB
- MD5
  
  aac0554a39bb1ae91e2ed4246e04c30e
- SHA1
  
  031785024765eda1534fd9504eccbe1b471ae618
- SHA256
  
  df8cefa4831fc2fdf817dd6d49a6373edee4f51f23cf990c690e72ce348f69bb
- SHA512
  
  a6afc9464047c75157dcb8ece086c1c5bf4dccb48d33da24e35c43110f300cfea503c4cca093f3d4bcc7a0fdcb306138da5be288ef646881b625751e40d93689
- SSDEEP
  
  6144:3pR/2jxpvwhnVgQsm3aOE/8aCEELsR5w5jSH4EJ18GWU/8nZRuX1wr2:vOnvoG8a35w5+H4EJ18GWU/o2
Score

3^/10
behavioral15
- Target
  
  ChjokM3/Load/fil.pak
- Size
  
  379KB
- MD5
  
  f989a7215cac1e3fb4759e5fba9aef67
- SHA1
  
  5ecf35f160e1f8242b3bca163673e24cf6d77403
- SHA256
  
  448bc8eae353c188ffaa4c2466956598ad807f0f0aae7f12e1bc59584e1aac2d
- SHA512
  
  b872beb5b1c2702f4eae616f633318b4575f573c06a3f1f0f1e1ab83585a52caf2f3c788c0c3a0d499c381fb7f06a3ea355b8686ded2ed1e392662f2746db01f
- SSDEEP
  
  6144:Po2wvMrF/y/DQkaRqQHunLxenGkZ3+mo59gmPHkAxw78:ykeCBHudqo5KmF
Score

3^/10
behavioral16
- Target
  
  ChjokM3/Load/fr.pak
- Size
  
  395KB
- MD5
  
  13968778147dad5af68fdb7464ca517c
- SHA1
  
  42abb9873c472a82d400e6896e90731b7cae06b5
- SHA256
  
  7af39af49846fba6d6b8ee18b2a212f1323ebc1cff1af0053194d01d8d5433f6
- SHA512
  
  c1f54ccf4f82e158173d9db8464adca64a88f8ddee23afbb51d80535b4f25f138dac16a337504ca3ff8c3dbe9aff05ecc2aaa40afe8d77bbbd4f141b07e39100
- SSDEEP
  
  12288:k7L2tn6QuagV1YzhKJZsMYnYE1OxBW50xLHIWWCMcpU8wRp5a5FQusDh6dBKIJFb:GJVdMcN5B
Score

3^/10
behavioral17
- Target
  
  ChjokM3/Load/gu.pak
- Size
  
  755KB
- MD5
  
  7b476c423ce29e61b0b21d7b6a2a56b2
- SHA1
  
  5558dcec5b2580345b0797f1f2ea41952417335a
- SHA256
  
  047da4dfadcfc6bec8f4dc7d250b1757caf31a23bcfa2ea3e1f3b1cdbe9a3995
- SHA512
  
  a494ab32e45cf74e2b7e0424b4e3740470c5c6cfac8f6cc980a681eb8c21cab76255391b6884134593dc7b1029ffd861f74b47130533232881c137c41ef92cac
- SSDEEP
  
  3072:/h/zHr2DzDNmtZITYKMaWZu/lsMhmkTd4MUz2sQm251jvHsWnIIRfAHw/g/I/B6i:/ZDizBm/Voaz5cYh+Gyj
Score

3^/10
behavioral18
- Target
  
  ChjokM3/Load/he.pak
- Size
  
  468KB
- MD5
  
  f4dad4f97b5f75d6d7219d43f630c2b9
- SHA1
  
  ed8c790b3b5e3faf683aa978895f266eea5b823e
- SHA256
  
  6649a844f222cfcec01e75d3de3cb3658f1347ea3851d31b8124597b87e7b57d
- SHA512
  
  f00e7e38ec0da1c110b4142dd13b3cae8b912c16518eeb4cfd7f19a0cef2c6601ec1e4959597066703b12b7dffb44fd918c7170231c2b42e40b0d90241b85133
- SSDEEP
  
  12288:lsQOFiBr3By4L92QmYq6A560SAX4o75P5oAHM7O5p9mTfDnwPEQgo:lsbss5Bok
Score

3^/10
behavioral19
- Target
  
  ChjokM3/Load/hi.pak
- Size
  
  787KB
- MD5
  
  1185163466551aacae45329c93e92a91
- SHA1
  
  0dcbfed274934991966ce666d6d941cfe8366323
- SHA256
  
  eda355e3785313e3d982c1d3652266dce1b6e08832056fe58854b825e0712ca5
- SHA512
  
  6fad3e24eb868acf78db0591c7ba77abc84e92cda28e8bffee435ea89940a8607e7628c6c5159349377a8d933f373db2dfa4e5715ca404bc3e67fd4a0f22a606
- SSDEEP
  
  3072:4m//Yxz8BS65Ob5EeQzFc67R7dk5Sv34QAEm5dmLrsoe4GR3doInN8edYbOqGPt5:rYZ895O9ExFlReg5R5HQO4
Score

3^/10
behavioral20
- Target
  
  ChjokM3/Load/hr.pak
- Size
  
  365KB
- MD5
  
  04fdc1dac2cae614b0f566310dc83bd0
- SHA1
  
  74e460e19a5e9c8b6181fa37cb9085f93bbc6233
- SHA256
  
  bada5828fc0d80c842d1409b54e8da516ae737ca30d86658b3fad5c8ace4722e
- SHA512
  
  a07bebd16f00b0b46059a7b80454664757687a59903bc36cb837cfb55e69bf7f683157372f74ff8355ad50c3b747c9674ee942aac95a9804c39acb3841721d24
- SSDEEP
  
  3072:Rt0zZ58bkQijHuVGgYzgJ5OSFT0uPFG4rV6WI6DkYAiKbeMuVjLsGW0Yqz7pFyLI:72Z5QYuVb3P6T5D37pW
Score

3^/10
behavioral21
- Target
  
  ChjokM3/Load/hu.pak
- Size
  
  395KB
- MD5
  
  410d8966721ff8817eb3a57f95a4b885
- SHA1
  
  f0fbe70c772bd635b0c4a927420e15b96dae05a5
- SHA256
  
  688312f38488c7256370b1517b84963a3ff886b31692cc504fe169db241a43f0
- SHA512
  
  d0aa167ee919589ff3b80640e8db4c6d11f9159e4a246082f0a564482789011c260f124b9a7102649d998c6a89cbff58cffab5a40e33769b990e64d6cc703378
- SSDEEP
  
  6144:gvROCXS24UmV5z/fZ2GRoSYTLySam7YF3tys5gRULJatGqUnvydpECk3ICf:gvRZsV5z/+lP7+tys5vNDp
Score

3^/10
behavioral22
- Target
  
  ChjokM3/Load/id.pak
- Size
  
  324KB
- MD5
  
  0e82cf23475ab7328741670f4dfa3093
- SHA1
  
  fd854e31f4ab212d0b3bca676420d5600d8daa83
- SHA256
  
  21368245d99265e760b1b57a3169feb72e6b5099c3f1855155d147b2f788eda4
- SHA512
  
  52d694afeb3e7272740192e6b4cab9acab460ae6e66912f090b049a1f431a5c17a4c3d037fc9c450b8a224ed793605e234b4d649a95289770997acd43b5dbb32
- SSDEEP
  
  6144:NbXLerWB/kUEPsw0ofjDVnjHFXFmP2L6aF5NyhBvt4fSRsEaF:h7cKE/0GVnjHF1m+LlF5Nyhs
Score

3^/10
behavioral23
- Target
  
  ChjokM3/Load/it.pak
- Size
  
  360KB
- MD5
  
  9fbb2f5d9c70d9e46368538853929f75
- SHA1
  
  45daceb422478c5a7b7b61f5ee68cc08a19f2ac3
- SHA256
  
  13dd077e5e8c8b04ac0854e4466ee074df67c74cd29cc48a0c2c9f96f768fad5
- SHA512
  
  77d8607ba52190258ed2e7c6e43a44bad1669294a441cc6ee9d91fa28c26c6675225e41cc309200aee01fecc1a0d369a8e4458c0095c297ed237bba50798c4dd
- SSDEEP
  
  6144:dF9dctIYSrqRrhsO1FGT9TEAGw3nlXgOPwtkWgGyu8HryYm0wNB6XtS6LevpLOvy:3/lZRe8+Yx3vjw5Lsol
Score

3^/10
behavioral24
- Target
  
  ChjokM3/Load/ja.pak
- Size
  
  440KB
- MD5
  
  67a379c826f0eb60750bfba0b8e10468
- SHA1
  
  62662d8efd773b18c99169752996b11f30a64ca3
- SHA256
  
  2c5457b0fa6fe41b7b524aa726dae4dd69e7072864f73f211c731810d00b9323
- SHA512
  
  38c44dd6c83362cd118543b7619811c671283618a3081f07a015f8110388d71b7767eb0a7a49c37c8e2e9e900dae6aa7f8560e5494afe6b29e01ede402e4944e
- SSDEEP
  
  6144:jUZWQGehaoFbqn6S+RUpZSb2LwPH+5VgxVg:LQhJe60pZSb2kPH+5VV
Score

3^/10
behavioral25
- Target
  
  ChjokM3/Load/kn.pak
- Size
  
  872KB
- MD5
  
  8a3427385226ab72e8421d84225f7adf
- SHA1
  
  701a85bc6bca0ed33dbe1aa3a617ce26576c7421
- SHA256
  
  c315e791770cea204c7e49ef5b68fa46fe42864a33e77fa5a1d42f87ba85124f
- SHA512
  
  310719fb102c1f892d354f1478bba06e856bd45da08416be970a0a76e44c7d81aaa9ddd878234b2348b625e0d18cfe7c966379115f35d51f4ee78a986c1243b0
- SSDEEP
  
  6144:O+wN1jeEb7qb4GvGK25j/u7cB2jrith0vkcVwVattrmQLHMj0AWviYRpySIvSuNu:NwzSS7qdR+QygZ5gJ765mWUj+yt++FS
Score

3^/10
behavioral26
- Target
  
  ChjokM3/Load/ko.pak
- Size
  
  369KB
- MD5
  
  3340fd0a5e8f97f122e1d6e9a2052ca6
- SHA1
  
  9c8504b78633b6d6e445723b351a08392916c7d0
- SHA256
  
  3ee7d79af9ec226bebfdd9d79907f1bc97d528d2009dbd0db23d74ad655e0256
- SHA512
  
  07eb8dab24ea8545cdaf38e35bc23a71a33bf87a1c0ac78ac564c103c6ae53357de2d4fd635b22995cefdc9d8e8241c66d78dd44d68a9f2f251be77c0afa7704
- SSDEEP
  
  6144:DL/SK0qZvHJmb1QdTVtZqZXRZqiq7vqLZyQnP9kYvWyCt8Oh+jJAhxlw5R7X98dz:DL/SQJmJKh0noyCt8OhoJAhXw5R7X989
Score

3^/10
behavioral27
- Target
  
  ChjokM3/Load/lt.pak
- Size
  
  395KB
- MD5
  
  c037c0d80be2c913c20e3fe96d9cdaff
- SHA1
  
  8dfd2a42fb2e0041d6ac9b90c78b3cad0283c757
- SHA256
  
  e7c133a8dc438870f97112587f5f223f5fcae4f1510874b95b72cc281fa150fd
- SHA512
  
  0a90dd7d39759e1e63205a827ed6611dc6e54b37c668795123de7f35c446ee41174675a0d813974dba7353c0a1cc4320049d4fd1368cdfccb9cf9afa47fcb4f5
- SSDEEP
  
  6144:ExMwGiVqc4anfOfbZnaI+onSzwB74p5Ub04ua7OoMI8Z2IF6SB:lw/M/fBX+onPup5S0MMJP6SB
Score

3^/10
behavioral28
- Target
  
  ChjokM3/Load/lv.pak
- Size
  
  393KB
- MD5
  
  b14f9d61e064903bc73d18e40846e1ac
- SHA1
  
  5a3da27335194707ffeb07add46662df1fefd76f
- SHA256
  
  6e99a3ef823a651f5187c5c549a6885002a2f8523c014f989ec6d53d87e7aac7
- SHA512
  
  dab97f5d75d5f60c82969ac01dfc1ffffc0ec5fbe2063c6df0535130ea1432363be1475a440b6075440f68217cd6840a63bcfea0409586d755ff8e57c029baf3
- SSDEEP
  
  6144:b3p3yLG9mRNhtVFO6mM7pl44cfX7apaRZ5v4m0cxEl9AC2anpArAFTHVs1C:TpigT87P4467zZ5NEH2ms1C
Score

3^/10
behavioral29
- Target
  
  ChjokM3/Load/ml.pak
- Size
  
  915KB
- MD5
  
  fc33673850c17a865cae7695fd3eb5b5
- SHA1
  
  72f3241ea35554c881e1849ba53b8f64b04502c1
- SHA256
  
  6295eb0b0d05d26b3fdaa19ad390ba30f267b7af7a60a214db558dcdbdb436c4
- SHA512
  
  6845293c0cd4ee1aa94972da1d58fd7085da5dd664d4031005200ae38fc4ab20f2c5cf44fe07ff80e003ef072f7f1cb23a452d6ce47124aa1efb3d26ae86b279
- SSDEEP
  
  12288:Wq0rekvVG6W+SG7/KgLC4nMmWDcZubSAemNPHVhJ5n/7d597Y3rE:fQel6W+jHsd5n/7V03w
Score

3^/10
behavioral30
- Target
  
  ChjokM3/Load/mr.pak
- Size
  
  743KB
- MD5
  
  d1f1c482775f60a868ca094108e3ac3c
- SHA1
  
  ba4396e5b585735e8505263ed42884876bdb564f
- SHA256
  
  f63460da44e2f71c237b2555eda621c8c211c13ae68927c27ad121f03daa0599
- SHA512
  
  2686c406b29750ee39b83247e4a4e6a0ce3325c1284ea11fc986696b43c672eeb0c5259c4834e4419c131941b9d1d35e53b05606168c766d27a614f49e223dae
- SSDEEP
  
  3072:2ZUwY/TAN6sXspP2eIbFNMEu3RTD5014CQ4WmHwMa4AtRRYfNJZIFyX9a30OKSQs:2ZUwYMNeVhfIS09ddv5ieUIK
Score

3^/10
behavioral31
- Target
  
  ReadME.txt
- Size
  
  99B
- MD5
  
  1026f204cbbaf657e686919a30b9ff9d
- SHA1
  
  769fbf18904517350d4af5a33652fc1b8186ec13
- SHA256
  
  a185fa28d85d680fa08469d5b96d34d8dcf72649bcb0779862e23596f7de7415
- SHA512
  
  b1b5d2f5af82ffc810fcb699f0eba055a74c8530d3fa5abfbb3dff5aac53015bde44948875267b7300a5d446427273bf29d8945cb55c6e64ce4072bff9d32e70
Score

3^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detects Rhadamanthys payload

Rhadamanthys family

Suspicious use of NtCreateUserProcessOtherParentProcess

Executes dropped EXE

Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32