rhadamanthys

Resubmissions

09-06-2024 10:21

240609-md1b4aaa48 10

09-06-2024 10:08

240609-l6f89ahh46 3

Sharing

Copy URL

Twitter E-mail

General

Target

Nový WinRAR archiv.rar
Size

24.7MB
Sample

240609-md1b4aaa48
MD5

7304908512b2f18413cdd48c453fc263
SHA1

8b5a1ebcef9bf6c24af8b57a639915fb9469a4d4
SHA256

a14fa40b174aa50e6ca01dcf32a346c1eae8737eb6ed93a558cdeb601b86986b
SHA512

c23776251f46dc45a890ac68412443aebd1b1001db1a06e6c105967b8d7a2722294b00ad7aae55764accf54e85c518b12b1e5e8cb3674f6468bad7faba7df509
SSDEEP

786432:CygOeu/rQi7AOseY1lg2uK6UUaIsAKUU6jH:MOehi/svm2dUaIJH

Score

10^/10

Malware Config

Targets

- Target
  
  Additional/CiWinCng32.dll
- Size
  
  2.6MB
- MD5
  
  23bc06067a83155d329d330c3b018223
- SHA1
  
  f7fadcdc733d0b74706d270724a45c56e8486d6d
- SHA256
  
  ce67945c1f951d38aa65440fcb5145bc9bac340ac1b23ac2edb91ffd2c13536e
- SHA512
  
  16bb0c60dd139017494a78ec7cfeac23636c623dd30ae4a4350da463e88502e791ce55f7db17426df6248cffb1187eb261da275043a09aa992b27dadfb656f50
- SSDEEP
  
  49152:TmpDEkl6TwVeoZItytWBlz0tPsvOby8uvCDZGUfITVbBSd4:TmpDEg60UUoytWT0evOpxm
Score

3^/10
behavioral1
- Target
  
  Additional/CiWinCng64.dll
- Size
  
  3.3MB
- MD5
  
  cc9393adf63e1d1cb7ab6deb7fd73e1c
- SHA1
  
  1f8386a6171fbf0f7721daf737bc812225da7800
- SHA256
  
  c1596b987462edfcae5895d7dae2552e4cc737a2419da46c2e6911cc91b41c08
- SHA512
  
  04ac90229fc7e753054725bbdd78681415b39c146d65f50e656938c2c5a56420bf9ad8c384d482f5066d94932e1c4a745faa8fb506e6a43a088772dc91572631
- SSDEEP
  
  49152:zfIU6iPVwASO8GtlqaHIPxy/iME+8fRFnuq2bG9G5XozWGmVXUK50TC6Zm+qbZKu:8+FPisw0VXUE0TLDv0zojYZ
Score

1^/10
behavioral2
- Target
  
  Additional/bdfilters.dll
- Size
  
  4.1MB
- MD5
  
  ed730387fdcd684b756601b863c47417
- SHA1
  
  c49ed6d0d46facf4ceaeb21f5d6bfdf9e3587fde
- SHA256
  
  9cbc29696ad2d582e251bf9c4be5cce618753fa43551d2474e1ae5cc5e1245e5
- SHA512
  
  e32df727799d33922c6e92f94a7bdb0bc2772d6a6636d15e285d94d3ae4661062e5bc89ec3546b76ec853398f88d972f461327ef687f89093acf1096560d5c3f
- SSDEEP
  
  98304:Xl4qYuQxqYfHYosUiJovT7DBmmhjSF5og3Vk9O0KChvvvveo:XuqYuQxqYfHYosUiJoviVKvvvvJ
Score

1^/10
behavioral3
- Target
  
  Additional/bdfilters64.dll
- Size
  
  4.6MB
- MD5
  
  13f7a29baa1e04f74151737cb71bd0e5
- SHA1
  
  0bc8682c6c96923a729aa6239aa53d95221b13ab
- SHA256
  
  008fababd36e8fbfd5f610a2c62d47963e78ec91e54ad69a1e20807445c3528d
- SHA512
  
  4cea11e88e8861c4094b227d85295c0d67452af703b0ec9dfe475797b87d03b40bc1f6b58dcc00996672c1c05d99b82dcc067bc429a1465ae90f4ec966f2bca8
- SSDEEP
  
  49152:MQJ/D3PQxTTvfwBvvfrsdBD3PQxTTvfwBvvfrsdBD3PQxTTvfwBvvfrsdVDYPdxv:VJTjWDdLhiapD88SiQZsvvvvC
Score

4^/10

persistence
behavioral4
- Target
  
  DLL/D3Dcompiler_47.dll
- Size
  
  3.3MB
- MD5
  
  c5b362bce86bb0ad3149c4540201331d
- SHA1
  
  91bc4989345a4e26f06c0c781a21a27d4ee9bacd
- SHA256
  
  efbdbbcd0d954f8fdc53467de5d89ad525e4e4a9cfff8a15d07c6fdb350c407f
- SHA512
  
  82fa22f6509334a6a481b0731de1898aa70d2cf3a35f81c4a91fffe0f4c4dd727c8d6a238c778adc7678dfcf1bc81011a9eff2dee912e6b14f93ca3600d62ddd
- SSDEEP
  
  49152:PyZ9lnpmVm/w+EwVOmufvkQS8MH2J9CqS5Sqr88pPWW5KhQYPsXqUiQ6:E9fWAwVBC8MH2JNSF8+YPsXqUT6
Score

3^/10
behavioral5
- Target
  
  DLL/Qt5Core.dll
- Size
  
  4.9MB
- MD5
  
  aa6ce2c97b80c323cbe9f86dbd6d263e
- SHA1
  
  089f6915aa650b0cc7dcc53a7e4365310523dd68
- SHA256
  
  85e29fd8a95f23a8af5ed0d0e93d18fcc30f95affbb75a1fcb20b873e8e5d8b0
- SHA512
  
  dd3e1684306624dbf0398021b1fa8833a348dec9271b5eb224c9a59877f832ce1aedb9c4f6ef84c061bf3585f3a5628e9f49296deab542b36ae3fa2230f3b417
- SSDEEP
  
  98304:D/cPFLQEJuMEGJsv6tWKFdu9C9Ed74Gx80MEcUsk80MEcUsk80ycUsk80M6Ou:DsRJsv6tWKFdu9C9y7g
Score

3^/10
behavioral6
- Target
  
  DLL/Qt5Gui.dll
- Size
  
  5.2MB
- MD5
  
  0906103e25f7349766fc6025c491aa5a
- SHA1
  
  350589ec1f12ba5f65afc263c10243e10a362287
- SHA256
  
  ba869785c14c4ace0924c123295a503a59cf90cc4da68e0c61c47187b3754fe6
- SHA512
  
  ab28b7c562a342c8cbc1dad5290c2c9d2e0678de871f8ae71163fdc6bd7458084481f84baeff3349f9f79c5f07fa3e20cea4553b163fcbec75709ddf599b808b
- SSDEEP
  
  49152:QxxOt5RYfb/yCBXDCiYERf8ogtACsw5FvH3CjsE7d9oDCCGCdBEtq01zN+p6G6n7:TdEHBXWiYERf9gtACTv+7d9oDCCGQpQ
Score

1^/10
behavioral7
- Target
  
  DLL/Qt5Network.dll
- Size
  
  1.0MB
- MD5
  
  11c016d03aefc9e124828cb7cd775cf3
- SHA1
  
  cfdcf0bf5834e507cf87c7e283d14a7c89aa2628
- SHA256
  
  10fabe35ca0b0b9c35c2f618c801fb999bde09572a7fa10415b2b3f6b6470a7d
- SHA512
  
  87cc26fee8033ce638828fb773f62704f48a20c042faf70c9f97e9f1d76a09e6060c818ad2d4cd6cccaf4464fb23e9bcfc77d53a6f24415aa0d83455260ce36d
- SSDEEP
  
  24576:rC99Z7u86aKFihx3g1J6wr/zv+p6FhvWFCS4XaQli:v86aKYNaGqhecXN0
Score

3^/10
behavioral8
- Target
  
  DLL/Qt5Qml.dll
- Size
  
  3.2MB
- MD5
  
  bd0157711ab3d30948b0d3c940495200
- SHA1
  
  12688c4bbe9645ffc25e5c8fc2e303c5dc82dfc8
- SHA256
  
  f04f46132e2cee2ecef4ea413e994c628357d00b18bb4990cea02d96300bfedb
- SHA512
  
  8e10f1e97b3d8f5030d61999e851e3c434bb07cdf7dda98d2e9bc7eba50109c2ad4961056959553ccdbf3d0e396a9190a9393e25d8315c9c8cf5f590efc31bc8
- SSDEEP
  
  49152:FPyvoCUK/AsNkNqzAsF+/jSB7U39xNd2kuLR6cnWpCY7P:JqoCswzG/je7OxNdDT
Score

3^/10
behavioral9
- Target
  
  DLL/Qt5Quick.dll
- Size
  
  3.1MB
- MD5
  
  ff3b9e5a3aeb7a141ae287b7fd197046
- SHA1
  
  39d1c3549afade1bd06c12608ed50e6c5bb80e86
- SHA256
  
  c91b3b9e3c32535f1f9389fa88f8b9a172fc389d1d3f953d43347bc5c3f67ad3
- SHA512
  
  fdc8398661d8a227e2e15adb1bb9429009b239ab0018f4ba6bc8c0ae9876b8c52a648fd96a27189032c33b3595214b45a710deeedc63bea28db1a8ed10ea07c9
- SSDEEP
  
  49152:R7fxohp1giw6HbE6cpzF4o9kbxLk3z/KxBhwTFC/:Dohprw6HbE6YyoO5/hwTFC/
Score

1^/10
behavioral10
- Target
  
  DLL/Qt5Widgets.dll
- Size
  
  4.4MB
- MD5
  
  07b30ed72326c030aae212224034bf28
- SHA1
  
  13283d6bd5e953a298ea2dd095bedb239dcd7961
- SHA256
  
  fae1cbde9e10955e8b0ff414e64020be20bf9d1d62e7c583b4510b60f363faf0
- SHA512
  
  228bf5d5adac1e6fb8eb4cdc75d60f44d1c81c2e5f44d1f04bb3929a06fc2ebbe33bc634a90d593d5892f75121d96a680fd988cb0b462bed82db7183c936fbf4
- SSDEEP
  
  98304:QvFOYikKmlkpxE5G2qWIWhZIsC6C0DH2DEijycRoe+KbD/Mb7C8I+b2fGA4MgHQk:ZSZpcRjgVb6Y
Score

3^/10
behavioral11
- Target
  
  DLL/browser.dll
- Size
  
  22.6MB
- MD5
  
  5f9d4bb9ac9fed4b2152285eb293d1dd
- SHA1
  
  a3d05e0025c2bc43dd19735f5758d570296a9f76
- SHA256
  
  00831d7832f41f62f36bf61f4695892d07ba4ada2466e165d8816c56fa8adefa
- SHA512
  
  367cc9189c9f3e83381d1875b5921bd1883dd5256494a103d80d3689b863f1a39241d9012db7e5d882161ca92b6bc1fc417d7fec0ada8e7c22f49826166b014c
- SSDEEP
  
  393216:3WxBCnwwNTPYDrvjf1Dv0te6J+IsGD6h4Gx:0cnwwNTPYDrvjflv0AGfy4U
Score

3^/10
behavioral12
- Target
  
  DLL/libGLESV2.dll
- Size
  
  2.7MB
- MD5
  
  847688ef0fd9d811cefe0a4e95bf4a1a
- SHA1
  
  deb8a8a75c07cea316c3b1c145a20b9d357a277e
- SHA256
  
  20875405f90609a2d6023ccd51b063da6750bd8db1720bd09e8b4fbb65d034f7
- SHA512
  
  d4a88ce3f24e65de8092929099fe303557ed1b1e58ae82dc59a617fe27c0595db2f3a7e5598c53c67b6fe5d23e43dd36efb37aa35a8f67036b9e4fc7f49209cb
- SSDEEP
  
  49152:AOdBHA+8YIQe/dC0sycRJxV/NVlL7O01rSj/+CLWq:rVVI3djuxV/Nbvi
Score

1^/10
behavioral13
- Target
  
  DLL/libcrypto-1_1.dll
- Size
  
  2.4MB
- MD5
  
  0399619c3a5fe9ed498af787cdc10f15
- SHA1
  
  23d7b48d4a99d18b3d6987b9ffd9ad5ff8f3498a
- SHA256
  
  fb5071bdfbfb59fb1102ed7c159edfb291e90d08c864ea4e372415192da19fc2
- SHA512
  
  0dd63c0f54a7228b8641f7c0d33f8b7051315ea9da53f48ffc3c9ff78a43cb31406585962f0d31eef1f85013c50279c30efde41672e18794e723c37226eca44d
- SSDEEP
  
  49152:1OP07cFnh1xocCIM0iZKtv0Zj852z1CPwDv3uFfJ10stT:1OP/450isaZj8Ez1CPwDv3uFfJ1
Score

3^/10
behavioral14
- Target
  
  DLL/opengl32sw.dll
- Size
  
  15.3MB
- MD5
  
  8b197f55264a44b7b25046f7ba5bd7d2
- SHA1
  
  cef69e168160968e00ffffa136e1af7819e7c0ce
- SHA256
  
  25ae7577e066fa80519a8f1c314b15cdd22e4a8d3ecd2a36eccc79e40714a91d
- SHA512
  
  6af2b1b17a7e3460099359a6750221aacb8f9ce0e80b346dbafd2cbd8e579543b980f98e0aeb199e0781a045c9d6a7f2f11c8628f960c13550328487b7fa9154
- SSDEEP
  
  393216:rNkEXgt/UOdyRLjqkmbBDrta60HYUnuedxO0g//NuPyEMO32ovq:rN1QtXdyRLjqNbBDrta60HYUpO0Q/NuZ
Score

1^/10
behavioral15
- Target
  
  DLL/ucrtbase.dll
- Size
  
  1.1MB
- MD5
  
  29c9f59033067b7d9465318416ce9902
- SHA1
  
  e262dfb76103322f12bc7b87507cb45b96459818
- SHA256
  
  7e1943a3fee74db5564b3f96007bd997bc3e8248b45b27baa88d5ddeaef55737
- SHA512
  
  d38bd0566305c160fb078c0199cd1b1868ecbf7b271f1efb5a592528503e05381b2e949ea97259ed9155da5ce6234c3ceb81e8271614970cc4704100f9bb0dc4
- SSDEEP
  
  24576:a2VZfeZo4IBkvV8+IVzvwybovtH+JNe2rx9/DK706yyfmcvIZPoy494H77xp:NVZxXwybovtH+X/Da06f4nxp
Score

1^/10
behavioral16
- Target
  
  FileInstaller.exe
- Size
  
  102.0MB
- MD5
  
  0dcd6d29ce1ed0448b7cd946e7858611
- SHA1
  
  e938dbff736ea13453da389ebd944dcb28bb4e22
- SHA256
  
  e49912beac8783d8d815e2d85019d98819abdabcde1a5bc6f3ce93a5a467ddb9
- SHA512
  
  7fc04b03bb3ba119e1bc13ffe288cab016a63011fa4c7ca3ee063f11e2323696374009baaca8bbef9ea556fddbc65891a6c60960b82982fc7c7c1bb52c7faa0c
- SSDEEP
  
  12288:MUZ6c25lke0kjcwIdfx5j+uvTJkDRGGF1qLF8yXPeJDBT79fLsaO:ZZ6/wTgcwIdDHJkfAF8gPerT7uaO
Score

10^/10

rhadamanthys stealer
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Legitimate hosting services abused for malware hosting/C2
behavioral17

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17