Overview

overview

10

Static

static

3

[1.3.2]Kol...64.zip

windows7-x64

1

[1.3.2]Kol...64.zip

windows10-2004-x64

8

RefinedPark.exe

windows7-x64

10

RefinedPark.exe

windows10-2004-x64

10

$TEMP/Expectations

windows7-x64

1

$TEMP/Expectations

windows10-2004-x64

8

$TEMP/Oral

windows7-x64

1

$TEMP/Oral

windows10-2004-x64

8

BeginsLenders/Acm

windows7-x64

1

BeginsLenders/Acm

windows10-2004-x64

8

BeginsLend...alyses

windows7-x64

1

BeginsLend...alyses

windows10-2004-x64

8

BeginsLenders/Assume

windows7-x64

1

BeginsLenders/Assume

windows10-2004-x64

8

BeginsLend...vering

windows7-x64

1

BeginsLend...vering

windows10-2004-x64

8

BeginsLenders/Famous

windows7-x64

1

BeginsLenders/Famous

windows10-2004-x64

8

BeginsLenders/In

windows7-x64

1

BeginsLenders/In

windows10-2004-x64

1

ParkerChic...ts.cab

windows7-x64

1

ParkerChic...ts.cab

windows10-2004-x64

8

bin/Calibu...re.dll

windows7-x64

1

bin/Calibu...re.dll

windows10-2004-x64

6

bin/Calibu...rm.dll

windows7-x64

1

bin/Calibu...rm.dll

windows10-2004-x64

6

bin/Calibu...ro.dll

windows7-x64

1

bin/Calibu...ro.dll

windows10-2004-x64

6

bin/ControlzEx.dll

windows7-x64

1

bin/ControlzEx.dll

windows10-2004-x64

6

bin/ControlzEx.pdb

windows7-x64

3

bin/ControlzEx.pdb

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    [1.3.2]Kolis-UNC-x64.zip

  • Size

    11.3MB

  • Sample

    250210-cl4dlsylcn

  • MD5

    f36d673004591e8afac8e6f3dcb83d39

  • SHA1

    c6c5f239668addc3ee62f0f6d9d46092ad0c4075

  • SHA256

    1321db025220abad2a2976f4ba466c592bfea847e43e754acb67033ab89100f2

  • SHA512

    dbf6d9ba896f982814ebb3a40900a8f36af033bf4f96247ea5faeac147b418bb3a197afedbe0876702bd38b4f64a4a2990916fc52001ff05c70f099db5e7b224

  • SSDEEP

    196608:m+I38SXGfG/lOvaXIEkDad8iICmqi7QzEa8gE0+2kNzdDfvDEm0i4z9I6XRDS:mfjd8WIXDw8lpqGU780+dFfvII6g

Score
10/10
rhadamanthysdiscoverystealer

Malware Config

Targets

    • Target

      [1.3.2]Kolis-UNC-x64.zip

    • Size

      11.3MB

    • MD5

      f36d673004591e8afac8e6f3dcb83d39

    • SHA1

      c6c5f239668addc3ee62f0f6d9d46092ad0c4075

    • SHA256

      1321db025220abad2a2976f4ba466c592bfea847e43e754acb67033ab89100f2

    • SHA512

      dbf6d9ba896f982814ebb3a40900a8f36af033bf4f96247ea5faeac147b418bb3a197afedbe0876702bd38b4f64a4a2990916fc52001ff05c70f099db5e7b224

    • SSDEEP

      196608:m+I38SXGfG/lOvaXIEkDad8iICmqi7QzEa8gE0+2kNzdDfvDEm0i4z9I6XRDS:mfjd8WIXDw8lpqGU780+dFfvII6g

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral1behavioral2

    • Target

      RefinedPark.exe

    • Size

      1.2MB

    • MD5

      453b9025751fa5355ed67c1f6cbe1efa

    • SHA1

      49ca04b3dc7687e9d36186ef2fc653f533c0208c

    • SHA256

      7f5fc20be70d80e43bffe9a8027a18882425ef89d3f65a5b886d899e7389c3cf

    • SHA512

      fbf3e875341b009160b2f8604bd34d01365f71087e5f2835451f5819ab20c4b1018c541b8715fe7cb1cf2d4f7e155c03fa0e2822e0fc5e0f8acf9997a8e330cb

    • SSDEEP

      24576:4iRT+LL3pjPIbbZfrm/HVKXuIjqXxGMKjjmKM0wnOZgeZUyDefZyqnhB1dq:RSJj2frSHVKeIjqXxqjqKM/eZFqfZnhA

    Score
    10/10
    rhadamanthysdiscoverystealer

    • Detects Rhadamanthys payload

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Rhadamanthys family

      rhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

      discovery
    behavioral3behavioral4

    • Target

      $TEMP/Expectations

    • Size

      92KB

    • MD5

      5ed0db2f11a52001511714e0c5fe82a3

    • SHA1

      248363dbe5a7d6c3874d40a3cbd7022ece583973

    • SHA256

      7d6b112e526b4c38e92b9cbd5b42bb4076f28a543575ada511bfc19163337541

    • SHA512

      dbb9fa94f48ac4b4d65f28c103a2cc6e6c7ff97a05e21d452d57264e34ad04cf4a8592121f5d2089ffa685970fd89bb6b8ad0db2513c495e8da62f0703bd8892

    • SSDEEP

      1536:gvJvGgP/MSQFgS2ApZDJROu7azWVEzNMyXGrstHwVx+uQBtwPnY9Ym/rH87ej4Ad:+Pkt/vJ73OMcGrs9wxHgcY6h7eNJGQ/

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral5behavioral6

    • Target

      $TEMP/Oral

    • Size

      67KB

    • MD5

      06d65e2f20ca6f260acfe954bb581eea

    • SHA1

      2ca99096eeeb280c99b0897ba5f95b9480db8a2f

    • SHA256

      b1717ff5657d4112d3890b3f474d5d9b792d721a2a6c2bcde53f43542a079b0e

    • SHA512

      886e5d0e3c67fc327fb4ed0da7a1112080cbfa982be69249da20f883f1f4759df4ef1d79da262910c9d7ba02c9155eaa7da80d391da1069b2e158d560f1dd5a6

    • SSDEEP

      1536:7hult+eDNjBiSI0E8TfPsu0UXV6VyhG2yGb6MOvux:G+2jBiS1EYPsBUX4VZ5Lk

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral7behavioral8

    • Target

      BeginsLenders/Acm

    • Size

      57KB

    • MD5

      edda68d179511e9e1c25ee904d3100e3

    • SHA1

      cd115275bf0b70d0847a90b4c2655f9dde977e9a

    • SHA256

      e99deb62e3fafda98935536978f88738987e50036373c10f2c6aeb314f3d42ac

    • SHA512

      11b4315681e385bc12b770e0a3b81fe69480b00cd48cc4232dd581b2a85a4cd1d32eb5dcf8e95441f440cef0176899cd9002b6937499aa942b059f0cae5ba3cd

    • SSDEEP

      1536:cNQHY5XxstzElzst9hyQE4SaxSPdQqBS4Qaee41vL:cNQHYTEwscQE4SakFQTe49L

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral10behavioral9

    • Target

      BeginsLenders/Analyses

    • Size

      61KB

    • MD5

      b3aed5008df325b6571167b4df4fc588

    • SHA1

      f0bc12c34cf314e5cae7d5fbfc222926b524f5a7

    • SHA256

      ed9f8957a3e74e5862a6136eef674f048a2e9f5f609ae0da59f167ef9a7bc48f

    • SHA512

      d62dc2f5393cbfc71d126d5b1660641c0c92d005ac2d61125a47eba5252dc21e1ed1b9fe48efc1dd2a0443d91bdbcd36c0d57c6251a7ff662db5506650e5f739

    • SSDEEP

      1536:j6iR40flQp+6lDYVN4ZChbfC9p823bZ+FNiN1KyJurvc:+m40eA6lDYLXSKybMFNi3KyJivc

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral11behavioral12

    • Target

      BeginsLenders/Assume

    • Size

      55KB

    • MD5

      4ab79b1d36ef4ced4ded38171df6157b

    • SHA1

      5b9fdad4d87b91bad827336e6a970115a3fcccee

    • SHA256

      82efa70565d0728b085307d5462651391a3f057b07727aaafb553859287075e7

    • SHA512

      e5609548a63adeee3d49d390af504a48266b5a67d2c3bac164630696f54c7cb0d81bbd6673358eaf5e34f84217714b8fddbb9b359c4a40d702b4c81e457da71e

    • SSDEEP

      768:BqjLQl/viqVEIh6kO8+DoGjazYhDvGq/E1WWnMpUltFQMSrDj7BOMeqxrj9hUUvv:BNl/vJV7bMhSskQQpSrfreWFeUvc1KL9

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral13behavioral14

    • Target

      BeginsLenders/Covering

    • Size

      51KB

    • MD5

      30e0d7b64c42491739a18ca0eeb28005

    • SHA1

      846074a5f67efd8f39f9c64acede970c9bf6ae27

    • SHA256

      2584e49c5ddae4723d36494ffa8653ffdbc44280ca3b2fc281e949ded23d8155

    • SHA512

      9566955cb8a1ad46e81b2ddd15faaf559d49da83530b6738c03592c802df6af8bd2a825ccd8a4e4ac77c3a8d3ea0bc8ef09f5f029d20cbff596af866bd043f00

    • SSDEEP

      1536:OfcuhF5V7YgEet576MKQz7YkSrv8UEv8kpADJl:OftZKg1t5eW7EoPvCj

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral15behavioral16

    • Target

      BeginsLenders/Famous

    • Size

      59KB

    • MD5

      5d4272f92fc05993283da0138af4e91c

    • SHA1

      c6bc60ca48284792f26a7e3f4d073f4d6ea7574a

    • SHA256

      98d848f7d8f89f86a2a52595f3b45d28df589d136b828a3e405a191e03f9fb56

    • SHA512

      387195ee786f02c1e2e8b3e9ae5cfbbec9b29766b9a5613d047411bd23f001e380e5ae78cd8620f31495aa45f47f8ffe6450947c1117dc255b616ee8aaec54fb

    • SSDEEP

      1536:zgSxMtOfTN0dputGR8sIVBtW+RChdkLoVt3L3itTiDLnBOs:zgsTQRYHnQdkLG3QTiPos

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral17behavioral18

    • Target

      BeginsLenders/In

    • Size

      21KB

    • MD5

      445511189e1b268672bf67f91dcf145e

    • SHA1

      3a384312a831e4266135b6cb6a2eeb49e0a64608

    • SHA256

      07c1e4fd96e0227a92a38eab33a753a29d63b2972f7befb9e93d6b5212081aaf

    • SHA512

      50bfd5b60e15df9bb2e50b33b4aa4e93b14da9f73e290aeba15da1b8364dad13994c69554eea4dc615fcca74b951e1259d343ce45d4b519f770f4ebe9e8ecb3c

    • SSDEEP

      384:Va6IOnFJsaYadU84SlthyqgE0aKqL59MT+MwCgSMhcU3GIaot4s:VhnvYadU4lp/08M8Cg3h53moqs

    Score
    1/10
    behavioral19behavioral20

    • Target

      ParkerChicks/Elements

    • Size

      478KB

    • MD5

      5573e33d96e3b1a26447e1bdbf938686

    • SHA1

      74161f0483a7dce6512a73671c13b0c9401817c4

    • SHA256

      11da3303d858ea832037872753113f99884ec321ff77f09c081722c3af6fd1e8

    • SHA512

      77ee57099ee8c3804e94d8c83828f4a09c3d21f276dd0ce71ce6714aa44cc4960a0a08193a909630b338ee006d0ad9429a99ce1ccee84f4e7686f86ff7cc963d

    • SSDEEP

      12288:H2xsJF/UcUrjWYjviwB+fRLotf3XpMConR:H2IUcUr/vbB+fRLot2

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral21behavioral22

    • Target

      bin/Caliburn.Micro.Platform.Core.dll

    • Size

      24KB

    • MD5

      2cf4d7145490233066ec102d84588aae

    • SHA1

      2a0d611326802d348be2ff05d0bd285e060cda6e

    • SHA256

      965524c9dec9b7bddeaa2cadf861b99a1dbd67365f127b0d915a78a71bffd977

    • SHA512

      3e19b2951734d8717bba0d3e4d759d6139473d583554ea98ec0e4098d39ede581fa3a160437a1d16ccb65bfa638bb0665f0ad5ea3660a374c285e831f08f0dd6

    • SSDEEP

      384:M+ngaSI86FOpNGf02aRtxC/XalFr0M0mBINyb8E9VF6IYiTPxjGIOym:M+gao0mZLlFrdqEpYiTPxxe

    Score
    6/10
    discovery

    • Downloads MZ/PE file

    behavioral23behavioral24

    • Target

      bin/Caliburn.Micro.Platform.dll

    • Size

      91KB

    • MD5

      0c2d782474cb1bcce5d13809f3d830d2

    • SHA1

      3df461fc544757490a4268b46c9dbeda00858a54

    • SHA256

      e2253ab3f6c0db3a2fb090cdeeb1801a28c95586da27f20d7f685076f761b666

    • SHA512

      a3b0cd7bc38a3c3fd3570a20bb4f9394fb52652be36725944729a6c5c2a50c944ac6e9c49e39dbb67da29c9820ce366d370210d96dd863d003de7b78401d718b

    • SSDEEP

      1536:EcKhocw6c8Jjy1WKOXDCh4j7jrf/1W35aUGJjyNjbFdHIGP0aqdq7TPxxG:EcKhocw6VNyEDw4j7jj/0RvHFP0LqfxE

    Score
    6/10
    discovery

    • Downloads MZ/PE file

    behavioral25behavioral26

    • Target

      bin/Caliburn.Micro.dll

    • Size

      70KB

    • MD5

      b7e5bc6e43d9055fdae0e30e9799e3ad

    • SHA1

      be3d6bc6c55afca49b2c2dee042df24d103db435

    • SHA256

      7262c0c36fca34271a5709d7d9413f48618f71358d38f0bc8ecffbececac5315

    • SHA512

      7ea5033cea83a5fb960e31363004652caf44b4a28398a1c968b3aa96c74d301f2f353228e89b2381c7244a50b29818249208de5afa4f1ad4747c4dcdc242be93

    • SSDEEP

      768:tMfKCtfijb+u4uOltm2JUUPzpu32XuSeqbPfhd+UdyFR37dtQYcqAEGXMRowpdMh:0pu08KDdPdiR37456Gcu9CvC07TPxxyB

    Score
    6/10
    discovery

    • Downloads MZ/PE file

    behavioral27behavioral28

    • Target

      bin/ControlzEx.dll

    • Size

      212KB

    • MD5

      3abecaacebc927cdf23b2c011df8d40d

    • SHA1

      4ae0341396dbaab4419a7f9fa1f4221a7ba87c41

    • SHA256

      5fe189188709877514a38841654677eb326760e0dd1066917387864909bfc675

    • SHA512

      4f960a786442ddf0156a7f3b789fb5069ab52ed1a9158d2bfa52767a8e8778d1d5c3e1df6c90b998a15a4a5b15319949296c09ef5bb192c7b375c94347910d11

    • SSDEEP

      6144:VuH8Cg4Uye0pW8WLawepY8OQk7pqV3Fva4+TP:O/vXcL5

    Score
    6/10
    discovery

    • Downloads MZ/PE file

    behavioral29behavioral30

    • Target

      bin/ControlzEx.pdb

    • Size

      685KB

    • MD5

      95ad9dc53d104d709ee179d85ce83def

    • SHA1

      c7bed5d7fe6421c547c4cbde7c986984cd6aea21

    • SHA256

      b46feb5b41a16f6dcf37001f5775ba59a1e4cf9eb7d0665f1724b917c30a3983

    • SHA512

      3e5593f2d573b3a5bfa05408d409c2d562c90dd700b98b9c8a63454249ed69f71add820e1a0ec71b009ba05ce4f438683ec5e0ae99a27be2df87af66e11b5981

    • SSDEEP

      6144:0pr12iW1CzyRJywCHyL/+/d5Zbk3RCLhr2a9fucQaVK60RyOKpvDi2jf5sxpr12d:0ph12XyhH8pxbp60cpcph12XyhHNr

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

Score
1/10

behavioral2

discovery
Score
8/10

behavioral3

rhadamanthysdiscoverystealer
Score
10/10

behavioral4

rhadamanthysdiscoverystealer
Score
10/10

behavioral5

Score
1/10

behavioral6

discovery
Score
8/10

behavioral7

Score
1/10

behavioral8

discovery
Score
8/10

behavioral9

Score
1/10

behavioral10

discovery
Score
8/10

behavioral11

Score
1/10

behavioral12

discovery
Score
8/10

behavioral13

Score
1/10

behavioral14

discovery
Score
8/10

behavioral15

Score
1/10

behavioral16

discovery
Score
8/10

behavioral17

Score
1/10

behavioral18

discovery
Score
8/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

discovery
Score
8/10

behavioral23

Score
1/10

behavioral24

discovery
Score
6/10

behavioral25

Score
1/10

behavioral26

discovery
Score
6/10

behavioral27

Score
1/10

behavioral28

discovery
Score
6/10

behavioral29

Score
1/10

behavioral30

discovery
Score
6/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
8/10