General
Target: meteor-client-0.5.6.jar
Size: 4.3MB
Sample: 240614-yk5e6stbrc
MD5: aeb72058322874fdd27ff6a756833ca1
SHA1: 708afcdc073b4da7cbc4f2730a9f4aec301a0192
SHA256: 0058cfe2b24392bb6d84a7cbae10c66ecadfcef47b31e7fa5ad0e8f0b4f71c99
SHA512: 81f204fba4b377b171c3d9ac290707808bac1a7d8cf6f955e568d3eec0ef740428cce24c6a7bddaff17f7c6f383ad3694064c55c4dee2b95c50132fb13df78bd
SSDEEP: 98304:RM2SKrU1EdVTWClwpcBb0ugFxA0aT7gCNh50kKxES20:RM2uuZWClwgbrWAhxKxg0
Static task: static1
Behavioral task: behavioral1
Sample: meteor-client-0.5.6.jar
Resource: win11-20240611-en
Malware Config
Extracted: https://rentry.org/lem61111111111/raw
Targets
Target: meteor-client-0.5.6.jar
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
Suspicious use of NtCreateProcessExOtherParentProcess
Suspicious use of NtCreateUserProcessOtherParentProcess
Blocklisted process makes network request
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
Creates new service(s)
Executes dropped EXE
Modifies file permissions
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Suspicious use of SetThreadContext