Overview
General
- Target: Nový WinRAR archiv.rar
- Size: 24.7MB
- Sample: 240609-ly26raha6x
- MD5: 7304908512b2f18413cdd48c453fc263
- SHA1: 8b5a1ebcef9bf6c24af8b57a639915fb9469a4d4
- SHA256: a14fa40b174aa50e6ca01dcf32a346c1eae8737eb6ed93a558cdeb601b86986b
- SHA512: c23776251f46dc45a890ac68412443aebd1b1001db1a06e6c105967b8d7a2722294b00ad7aae55764accf54e85c518b12b1e5e8cb3674f6468bad7faba7df509
- SSDEEP: 786432:CygOeu/rQi7AOseY1lg2uK6UUaIsAKUU6jH:MOehi/svm2dUaIJH
- Static task: static1
- Behavioral task behavioral1: sample Nový WinRAR archiv.rar, resource win10v2004-20240226-en
- Behavioral task behavioral2: sample Additional/CiWinCng32.dll, resource win10v2004-20240508-en
- Behavioral task behavioral3: sample Additional/CiWinCng64.dll, resource win10v2004-20240508-en
- Behavioral task behavioral4: sample Additional/bdfilters.dll, resource win10v2004-20240226-en
- Behavioral task behavioral5: sample Additional/bdfilters64.dll, resource win10v2004-20240508-en
- Behavioral task behavioral6: sample DLL/D3Dcompiler_47.dll, resource win10v2004-20240426-en
- Behavioral task behavioral7: sample DLL/Qt5Core.dll, resource win10v2004-20240426-en
- Behavioral task behavioral8: sample DLL/Qt5Gui.dll, resource win10v2004-20240508-en
- Behavioral task behavioral9: sample DLL/Qt5Network.dll, resource win10v2004-20240508-en
- Behavioral task behavioral10: sample DLL/Qt5Qml.dll, resource win10v2004-20240508-en
- Behavioral task behavioral11: sample DLL/Qt5Quick.dll, resource win10v2004-20240426-en
- Behavioral task behavioral12: sample DLL/Qt5Widgets.dll, resource win10v2004-20240426-en
- Behavioral task behavioral13: sample DLL/browser.dll, resource win10v2004-20240426-en
- Behavioral task behavioral14: sample DLL/libGLESV2.dll, resource win10v2004-20240426-en
- Behavioral task behavioral15: sample DLL/libcrypto-1_1.dll, resource win10v2004-20240508-en
- Behavioral task behavioral16: sample DLL/opengl32sw.dll, resource win10v2004-20240226-en
- Behavioral task behavioral17: sample DLL/ucrtbase.dll, resource win10v2004-20240508-en
- Behavioral task behavioral18: sample FileInstaller.exe, resource win10v2004-20240508-en
Malware Config
Targets

- Target: Nový WinRAR archiv.rar
- Size: 24.7MB
- MD5: 7304908512b2f18413cdd48c453fc263
- SHA1: 8b5a1ebcef9bf6c24af8b57a639915fb9469a4d4
- SHA256: a14fa40b174aa50e6ca01dcf32a346c1eae8737eb6ed93a558cdeb601b86986b
- SHA512: c23776251f46dc45a890ac68412443aebd1b1001db1a06e6c105967b8d7a2722294b00ad7aae55764accf54e85c518b12b1e5e8cb3674f6468bad7faba7df509
- SSDEEP: 786432:CygOeu/rQi7AOseY1lg2uK6UUaIsAKUU6jH:MOehi/svm2dUaIJH
- Score: 7/10
- Signature: Checks computer location settings. Looks up country code configured in the registry, likely geofence.

- Target: Additional/CiWinCng32.dll
- Size: 2.6MB
- MD5: 23bc06067a83155d329d330c3b018223
- SHA1: f7fadcdc733d0b74706d270724a45c56e8486d6d
- SHA256: ce67945c1f951d38aa65440fcb5145bc9bac340ac1b23ac2edb91ffd2c13536e
- SHA512: 16bb0c60dd139017494a78ec7cfeac23636c623dd30ae4a4350da463e88502e791ce55f7db17426df6248cffb1187eb261da275043a09aa992b27dadfb656f50
- SSDEEP: 49152:TmpDEkl6TwVeoZItytWBlz0tPsvOby8uvCDZGUfITVbBSd4:TmpDEg60UUoytWT0evOpxm
- Score: 3/10

- Target: Additional/CiWinCng64.dll
- Size: 3.3MB
- MD5: cc9393adf63e1d1cb7ab6deb7fd73e1c
- SHA1: 1f8386a6171fbf0f7721daf737bc812225da7800
- SHA256: c1596b987462edfcae5895d7dae2552e4cc737a2419da46c2e6911cc91b41c08
- SHA512: 04ac90229fc7e753054725bbdd78681415b39c146d65f50e656938c2c5a56420bf9ad8c384d482f5066d94932e1c4a745faa8fb506e6a43a088772dc91572631
- SSDEEP: 49152:zfIU6iPVwASO8GtlqaHIPxy/iME+8fRFnuq2bG9G5XozWGmVXUK50TC6Zm+qbZKu:8+FPisw0VXUE0TLDv0zojYZ
- Score: 1/10

- Target: Additional/bdfilters.dll
- Size: 4.1MB
- MD5: ed730387fdcd684b756601b863c47417
- SHA1: c49ed6d0d46facf4ceaeb21f5d6bfdf9e3587fde
- SHA256: 9cbc29696ad2d582e251bf9c4be5cce618753fa43551d2474e1ae5cc5e1245e5
- SHA512: e32df727799d33922c6e92f94a7bdb0bc2772d6a6636d15e285d94d3ae4661062e5bc89ec3546b76ec853398f88d972f461327ef687f89093acf1096560d5c3f
- SSDEEP: 98304:Xl4qYuQxqYfHYosUiJovT7DBmmhjSF5og3Vk9O0KChvvvveo:XuqYuQxqYfHYosUiJoviVKvvvvJ
- Score: 1/10

- Target: Additional/bdfilters64.dll
- Size: 4.6MB
- MD5: 13f7a29baa1e04f74151737cb71bd0e5
- SHA1: 0bc8682c6c96923a729aa6239aa53d95221b13ab
- SHA256: 008fababd36e8fbfd5f610a2c62d47963e78ec91e54ad69a1e20807445c3528d
- SHA512: 4cea11e88e8861c4094b227d85295c0d67452af703b0ec9dfe475797b87d03b40bc1f6b58dcc00996672c1c05d99b82dcc067bc429a1465ae90f4ec966f2bca8
- SSDEEP: 49152:MQJ/D3PQxTTvfwBvvfrsdBD3PQxTTvfwBvvfrsdBD3PQxTTvfwBvvfrsdVDYPdxv:VJTjWDdLhiapD88SiQZsvvvvC
- Score: 4/10

- Target: DLL/D3Dcompiler_47.dll
- Size: 3.3MB
- MD5: c5b362bce86bb0ad3149c4540201331d
- SHA1: 91bc4989345a4e26f06c0c781a21a27d4ee9bacd
- SHA256: efbdbbcd0d954f8fdc53467de5d89ad525e4e4a9cfff8a15d07c6fdb350c407f
- SHA512: 82fa22f6509334a6a481b0731de1898aa70d2cf3a35f81c4a91fffe0f4c4dd727c8d6a238c778adc7678dfcf1bc81011a9eff2dee912e6b14f93ca3600d62ddd
- SSDEEP: 49152:PyZ9lnpmVm/w+EwVOmufvkQS8MH2J9CqS5Sqr88pPWW5KhQYPsXqUiQ6:E9fWAwVBC8MH2JNSF8+YPsXqUT6
- Score: 3/10

- Target: DLL/Qt5Core.dll
- Size: 4.9MB
- MD5: aa6ce2c97b80c323cbe9f86dbd6d263e
- SHA1: 089f6915aa650b0cc7dcc53a7e4365310523dd68
- SHA256: 85e29fd8a95f23a8af5ed0d0e93d18fcc30f95affbb75a1fcb20b873e8e5d8b0
- SHA512: dd3e1684306624dbf0398021b1fa8833a348dec9271b5eb224c9a59877f832ce1aedb9c4f6ef84c061bf3585f3a5628e9f49296deab542b36ae3fa2230f3b417
- SSDEEP: 98304:D/cPFLQEJuMEGJsv6tWKFdu9C9Ed74Gx80MEcUsk80MEcUsk80ycUsk80M6Ou:DsRJsv6tWKFdu9C9y7g
- Score: 3/10

- Target: DLL/Qt5Gui.dll
- Size: 5.2MB
- MD5: 0906103e25f7349766fc6025c491aa5a
- SHA1: 350589ec1f12ba5f65afc263c10243e10a362287
- SHA256: ba869785c14c4ace0924c123295a503a59cf90cc4da68e0c61c47187b3754fe6
- SHA512: ab28b7c562a342c8cbc1dad5290c2c9d2e0678de871f8ae71163fdc6bd7458084481f84baeff3349f9f79c5f07fa3e20cea4553b163fcbec75709ddf599b808b
- SSDEEP: 49152:QxxOt5RYfb/yCBXDCiYERf8ogtACsw5FvH3CjsE7d9oDCCGCdBEtq01zN+p6G6n7:TdEHBXWiYERf9gtACTv+7d9oDCCGQpQ
- Score: 1/10

- Target: DLL/Qt5Network.dll
- Size: 1.0MB
- MD5: 11c016d03aefc9e124828cb7cd775cf3
- SHA1: cfdcf0bf5834e507cf87c7e283d14a7c89aa2628
- SHA256: 10fabe35ca0b0b9c35c2f618c801fb999bde09572a7fa10415b2b3f6b6470a7d
- SHA512: 87cc26fee8033ce638828fb773f62704f48a20c042faf70c9f97e9f1d76a09e6060c818ad2d4cd6cccaf4464fb23e9bcfc77d53a6f24415aa0d83455260ce36d
- SSDEEP: 24576:rC99Z7u86aKFihx3g1J6wr/zv+p6FhvWFCS4XaQli:v86aKYNaGqhecXN0
- Score: 3/10

- Target: DLL/Qt5Qml.dll
- Size: 3.2MB
- MD5: bd0157711ab3d30948b0d3c940495200
- SHA1: 12688c4bbe9645ffc25e5c8fc2e303c5dc82dfc8
- SHA256: f04f46132e2cee2ecef4ea413e994c628357d00b18bb4990cea02d96300bfedb
- SHA512: 8e10f1e97b3d8f5030d61999e851e3c434bb07cdf7dda98d2e9bc7eba50109c2ad4961056959553ccdbf3d0e396a9190a9393e25d8315c9c8cf5f590efc31bc8
- SSDEEP: 49152:FPyvoCUK/AsNkNqzAsF+/jSB7U39xNd2kuLR6cnWpCY7P:JqoCswzG/je7OxNdDT
- Score: 3/10

- Target: DLL/Qt5Quick.dll
- Size: 3.1MB
- MD5: ff3b9e5a3aeb7a141ae287b7fd197046
- SHA1: 39d1c3549afade1bd06c12608ed50e6c5bb80e86
- SHA256: c91b3b9e3c32535f1f9389fa88f8b9a172fc389d1d3f953d43347bc5c3f67ad3
- SHA512: fdc8398661d8a227e2e15adb1bb9429009b239ab0018f4ba6bc8c0ae9876b8c52a648fd96a27189032c33b3595214b45a710deeedc63bea28db1a8ed10ea07c9
- SSDEEP: 49152:R7fxohp1giw6HbE6cpzF4o9kbxLk3z/KxBhwTFC/:Dohprw6HbE6YyoO5/hwTFC/
- Score: 1/10

- Target: DLL/Qt5Widgets.dll
- Size: 4.4MB
- MD5: 07b30ed72326c030aae212224034bf28
- SHA1: 13283d6bd5e953a298ea2dd095bedb239dcd7961
- SHA256: fae1cbde9e10955e8b0ff414e64020be20bf9d1d62e7c583b4510b60f363faf0
- SHA512: 228bf5d5adac1e6fb8eb4cdc75d60f44d1c81c2e5f44d1f04bb3929a06fc2ebbe33bc634a90d593d5892f75121d96a680fd988cb0b462bed82db7183c936fbf4
- SSDEEP: 98304:QvFOYikKmlkpxE5G2qWIWhZIsC6C0DH2DEijycRoe+KbD/Mb7C8I+b2fGA4MgHQk:ZSZpcRjgVb6Y
- Score: 3/10

- Target: DLL/browser.dll
- Size: 22.6MB
- MD5: 5f9d4bb9ac9fed4b2152285eb293d1dd
- SHA1: a3d05e0025c2bc43dd19735f5758d570296a9f76
- SHA256: 00831d7832f41f62f36bf61f4695892d07ba4ada2466e165d8816c56fa8adefa
- SHA512: 367cc9189c9f3e83381d1875b5921bd1883dd5256494a103d80d3689b863f1a39241d9012db7e5d882161ca92b6bc1fc417d7fec0ada8e7c22f49826166b014c
- SSDEEP: 393216:3WxBCnwwNTPYDrvjf1Dv0te6J+IsGD6h4Gx:0cnwwNTPYDrvjflv0AGfy4U
- Score: 3/10

- Target: DLL/libGLESV2.dll
- Size: 2.7MB
- MD5: 847688ef0fd9d811cefe0a4e95bf4a1a
- SHA1: deb8a8a75c07cea316c3b1c145a20b9d357a277e
- SHA256: 20875405f90609a2d6023ccd51b063da6750bd8db1720bd09e8b4fbb65d034f7
- SHA512: d4a88ce3f24e65de8092929099fe303557ed1b1e58ae82dc59a617fe27c0595db2f3a7e5598c53c67b6fe5d23e43dd36efb37aa35a8f67036b9e4fc7f49209cb
- SSDEEP: 49152:AOdBHA+8YIQe/dC0sycRJxV/NVlL7O01rSj/+CLWq:rVVI3djuxV/Nbvi
- Score: 1/10

- Target: DLL/libcrypto-1_1.dll
- Size: 2.4MB
- MD5: 0399619c3a5fe9ed498af787cdc10f15
- SHA1: 23d7b48d4a99d18b3d6987b9ffd9ad5ff8f3498a
- SHA256: fb5071bdfbfb59fb1102ed7c159edfb291e90d08c864ea4e372415192da19fc2
- SHA512: 0dd63c0f54a7228b8641f7c0d33f8b7051315ea9da53f48ffc3c9ff78a43cb31406585962f0d31eef1f85013c50279c30efde41672e18794e723c37226eca44d
- SSDEEP: 49152:1OP07cFnh1xocCIM0iZKtv0Zj852z1CPwDv3uFfJ10stT:1OP/450isaZj8Ez1CPwDv3uFfJ1
- Score: 3/10

- Target: DLL/opengl32sw.dll
- Size: 15.3MB
- MD5: 8b197f55264a44b7b25046f7ba5bd7d2
- SHA1: cef69e168160968e00ffffa136e1af7819e7c0ce
- SHA256: 25ae7577e066fa80519a8f1c314b15cdd22e4a8d3ecd2a36eccc79e40714a91d
- SHA512: 6af2b1b17a7e3460099359a6750221aacb8f9ce0e80b346dbafd2cbd8e579543b980f98e0aeb199e0781a045c9d6a7f2f11c8628f960c13550328487b7fa9154
- SSDEEP: 393216:rNkEXgt/UOdyRLjqkmbBDrta60HYUnuedxO0g//NuPyEMO32ovq:rN1QtXdyRLjqNbBDrta60HYUpO0Q/NuZ
- Score: 1/10

- Target: DLL/ucrtbase.dll
- Size: 1.1MB
- MD5: 29c9f59033067b7d9465318416ce9902
- SHA1: e262dfb76103322f12bc7b87507cb45b96459818
- SHA256: 7e1943a3fee74db5564b3f96007bd997bc3e8248b45b27baa88d5ddeaef55737
- SHA512: d38bd0566305c160fb078c0199cd1b1868ecbf7b271f1efb5a592528503e05381b2e949ea97259ed9155da5ce6234c3ceb81e8271614970cc4704100f9bb0dc4
- SSDEEP: 24576:a2VZfeZo4IBkvV8+IVzvwybovtH+JNe2rx9/DK706yyfmcvIZPoy494H77xp:NVZxXwybovtH+X/Da06f4nxp
- Score: 1/10

- Target: FileInstaller.exe
- Size: 102.0MB
- MD5: 0dcd6d29ce1ed0448b7cd946e7858611
- SHA1: e938dbff736ea13453da389ebd944dcb28bb4e22
- SHA256: e49912beac8783d8d815e2d85019d98819abdabcde1a5bc6f3ce93a5a467ddb9
- SHA512: 7fc04b03bb3ba119e1bc13ffe288cab016a63011fa4c7ca3ee063f11e2323696374009baaca8bbef9ea556fddbc65891a6c60960b82982fc7c7c1bb52c7faa0c
- SSDEEP: 12288:MUZ6c25lke0kjcwIdfx5j+uvTJkDRGGF1qLF8yXPeJDBT79fLsaO:ZZ6/wTgcwIdDHJkfAF8gPerT7uaO
- Score: 10/10
- Family: Rhadamanthys. Rhadamanthys is an info stealer written in C++, first seen in August 2022.
- Signature: Suspicious use of NtCreateUserProcessOtherParentProcess
- Signature: Legitimate hosting services abused for malware hosting/C2