General
Target
Moon Spoofer.zip
Size
212KB
Sample
240609-ynwx7sfa54
MD5
058f74a97a6cfe0e58c84165a6d6c370
SHA1
acd45a01760d109f5c21eea813d99cfa0e4ed4fb
SHA256
a52919133d8f4bf31890c9a4801c946c3e9f162302092c2660b6d93d836f5dd8
SHA512
69eff070b860ec8e98c335a76be560adceba586a460265dce392f2c928e3f8111832f9ee5969691a1050b15485ca56beec75ffcd007f3922a7eddda2c17aa4b4
SSDEEP
6144:XIFHnNtSAJXT7VBsj60FmVDCjTggc6vk7lTqLEw4kNFN5kT3rHaqACp1qiWXcl4U:YHNwAJPkj60FmVDQc6vC
Static task
static1
Behavioral task
behavioral1
Sample
Moon Spoofer/Moon Spoofer/Spoofer.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
Moon Spoofer/Moon Spoofer/Spoofer.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
https://rentry.org/FUCKOFFNIGGA/raw
Extracted
https://bitbucket.org/gedegrereghh/fuckyougithub/raw/37140025d15f5d49ec2bd023f7557f06268d7c49/pancake-unpacked.rar
Targets
Target
Moon Spoofer/Moon Spoofer/Spoofer.exe
Size
7KB
MD5
960d70161f0ac1ddd8093955446bdcbc
SHA1
5943c81939f9b43228e2fe2f65e90c54660ae47f
SHA256
31e6573e37d06a71b3025c0e9ed4901093ed5262bc60bbbdf7ce1ed28ebb021a
SHA512
8f3f6091fb3d09d4cdb0f9540bbbc2de0562dd5bb77c8446db49f274be7b173cbc0aa24206e25838cc6b6c6578440c0ecfd1a17acc94c50ebd014cbe16617c14
SSDEEP
192:+9yqvjp73xsznGjcJr9emxan6mUqlwc6nYZKvkV/9dXq:+9Jv1dOnGjcJrQmxan6m/ec6nYZSkV/2
Score
10/10
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
Signatures
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2