General

  • Target

    HadesUniversal.rar

  • Size

    1.7MB

  • Sample

    250209-xrrl8azmhw

  • MD5

    6f80dd784084784fcb3a21179ed55cd9

  • SHA1

    2e5598e1666ea0a5e668278cb4bf84a8baebe54a

  • SHA256

    78e307499e35be21cbc246097a8cc934256a47d4a5435df84216567b7848e54e

  • SHA512

    4a7f7e12352aedab6bf052eb821c0fb65ba1b796eb7597e7ccbce0a1f067ef9f5e45018cf35c38b28ba5c17c8121fec05d202b7d9a61068496ec066298f8e9e6

  • SSDEEP

    49152:W7DlvSIC2mZac6BYfX9gUmGMP0xBiMh8Y9Yx3uVgb:W7D62+nPXfnc0riMfmxeVgb

Malware Config

Extracted

Family

rhadamanthys

C2

https://95.214.55.177:1689/e21adcd5478c6d21f12/dghnfgbn23.jgk3092

Targets

    • Target

      HadesUNI.exe

    • Size

      479KB

    • MD5

      c1f2e3bcca3b445e39344617d26932bc

    • SHA1

      a14dbe0419d1f3da86c082e455ac34c755094969

    • SHA256

      5773216e3a9c0120fb5b08108b22ca4e175b2d4aa66107e33e72c95e283e8280

    • SHA512

      31887f20ffe81a1a9d7d9c85542571f93ab9039501ef257acc7cfea221ce075ab2be9efde60175454a67cbcf945568ef00545027d2b6caf1f020396556919238

    • SSDEEP

      6144:pTNlPsSiE0grIlHAjNL7S1AtKZnbr8qz6xzS06d17GQxAAXcpGZ5wIzkyOD+lRXs:pFR0gsAjNL5tQbr8w6xely1JcXgDsLm

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Rhadamanthys family

    • Downloads MZ/PE file

    • Deletes itself

    • Target

      SerialChecker.bat

    • Size

      11B

    • MD5

      7e5c936e44ba6e938f9e3ee0f66ec674

    • SHA1

      f6fdaa4b2511fee00d83b67aa30cbe66277ae2f4

    • SHA256

      19148660e2c830c9b826b4f21d7cfeec034869b539229b7f38f2eddea6e7cb32

    • SHA512

      6b84ee18c42aa35a62edd7dc0ed15f87d63a9061489f5bffec24ba3e265ebee604e65cfdf72ab8730b53e68efbb41510bf59e3c562702ccad8aa5ab7f5a671f1

    • Score

      8/10

    • Downloads MZ/PE file

    • Target

      spooferconfig.dll

    • Size

      6.0MB

    • MD5

      f553ad722875c02d5b45f5c975ceb771

    • SHA1

      867f41aa5b67cf7e15e3efe6cb4360f8f415fa6e

    • SHA256

      35f12093577d9c58fe7858ca26a935aaf409269057a9a8bdf975693d6dfe208a

    • SHA512

      041924f9a64d626d1a3b7111de968f11cc08d384b9dcd47e832744bc195d71d6f58bf06cc9f14fcf31a2f1490230779d9a1afd70e8eb836424fd14d59e6f663b

    • SSDEEP

      49152:Z9EWdahQOLgGyX6lRu6vz3ZLZh/qNwffAj3g/bTqSk6Fi0Lp5eo0Jvn:DaNFz3Z3/lgQ/6Sj5wv

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Rhadamanthys family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • System Binary Proxy Execution: Verclsid

      Adversaries may abuse Verclsid to proxy execution of malicious code.

MITRE ATT&CK Enterprise v15

Tasks