General

Target: HWID_Changer.exe
Size: 102.0MB
Sample: 240619-e8g51atgjf
MD5: 0dcd6d29ce1ed0448b7cd946e7858611
SHA1: e938dbff736ea13453da389ebd944dcb28bb4e22
SHA256: e49912beac8783d8d815e2d85019d98819abdabcde1a5bc6f3ce93a5a467ddb9
SHA512: 7fc04b03bb3ba119e1bc13ffe288cab016a63011fa4c7ca3ee063f11e2323696374009baaca8bbef9ea556fddbc65891a6c60960b82982fc7c7c1bb52c7faa0c
SSDEEP: 12288:MUZ6c25lke0kjcwIdfx5j+uvTJkDRGGF1qLF8yXPeJDBT79fLsaO:ZZ6/wTgcwIdDHJkfAF8gPerT7uaO
Tasks

Static task: static1
Behavioral task: behavioral1 (Sample: HWID_Changer.exe, Resource: win7-20240221-en)
Behavioral task: behavioral2 (Sample: HWID_Changer.exe, Resource: win10v2004-20240611-en)
Malware Config

Targets

Target: HWID_Changer.exe (102.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

Signatures
- Modifies visibility of file extensions in Explorer
- Rhadamanthys: Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Creates new service(s)
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Matrix (ATT&CK v13)

The number after each technique is the count of signatures in this report that map to it.

Persistence
- Create or Modify System Process (3): Windows Service (3)
- Event Triggered Execution (1): Netsh Helper DLL (1)

Privilege Escalation
- Create or Modify System Process (3): Windows Service (3)
- Event Triggered Execution (1): Netsh Helper DLL (1)

Defense Evasion
- Modify Registry (4)
- Impair Defenses (2): Disable or Modify Tools (1)
- Hide Artifacts (1): Hidden Files and Directories (1)
- Subvert Trust Controls (1): Install Root Certificate (1)
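The signatures and ATT&CK mappings above describe what the sandbox observed; on a suspect host the same behaviours can be checked for directly. The script below is an added example written for this page, not code from the sandbox report or from the Rhadamanthys sample, and it checks the standard Windows locations for each flagged behaviour: the Explorer HideFileExt value, the netsh helper DLL key, service-installation events (System log Event ID 7045), the machine and user Root certificate stores, and recently created executables in the user profile. The one-day look-back window ($since), the empty baseline thumbprint list ($baseline) and the Zone.Identifier heuristic for "downloaded" are assumptions to adapt to the environment.

```powershell
# Host triage for the behaviours this report flags. Added example, not sandbox
# or sample code. Registry keys and cert stores are the standard Windows ones;
# $since and $baseline are assumptions to adjust per environment.

$since    = (Get-Date).AddDays(-1)   # assumption: how far back to look
$baseline = @()                      # assumption: Root-store thumbprints from a known-clean host
$findings = New-Object System.Collections.Generic.List[string]

# 1. Hide Artifacts / "Modifies visibility of file extensions in Explorer".
#    HideFileExt=1 hides known extensions, so a dropped "invoice.pdf.exe" shows as "invoice.pdf".
#    Caveat: 1 is the stock Windows default; the sandbox signature fires on the write, so on a
#    host compare the value with your own baseline rather than treating 1 alone as malicious.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hideExt = (Get-ItemProperty -Path $adv -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
if ($hideExt -eq 1) { $findings.Add("HideFileExt=1 under $adv (stock default; check against baseline)") }

# 2. Event Triggered Execution / Netsh Helper DLL (T1546.007).
#    netsh.exe loads every DLL registered as a value under this key. Flag any helper
#    that is not a validly signed file living in System32.
$netshKey = 'HKLM:\SOFTWARE\Microsoft\NetSh'
$helpers = Get-ItemProperty -Path $netshKey -ErrorAction SilentlyContinue
if ($helpers) {
    foreach ($prop in $helpers.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }          # PowerShell metadata, not a helper
        $dll  = [string]$prop.Value
        $path = if ([System.IO.Path]::IsPathRooted($dll)) { $dll } else { Join-Path "$env:SystemRoot\System32" $dll }
        $status = if (Test-Path $path) { (Get-AuthenticodeSignature $path).Status } else { 'Missing' }
        if ($status -ne 'Valid' -or $path -notlike "$env:SystemRoot\System32\*") {
            $findings.Add("netsh helper '$($prop.Name)' -> $path (signature: $status)")
        }
    }
}

# 3. Create or Modify System Process / Windows Service (T1543.003).
#    Event ID 7045 in the System log records each service installation (name, image path).
$svcEvents = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = $since } -ErrorAction SilentlyContinue
foreach ($ev in $svcEvents) {
    $name  = $ev.Properties[0].Value
    $image = $ev.Properties[1].Value
    $findings.Add("service installed $($ev.TimeCreated): '$name' -> $image")
}

# 4. Subvert Trust Controls / Install Root Certificate (T1553.004).
#    A root added by malware lets it sign payloads or intercept TLS without warnings.
#    Genuine CA roots are years old, so a NotBefore inside the window is itself suspicious.
foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
    Get-ChildItem $store | Where-Object {
        ($baseline.Count -gt 0 -and $_.Thumbprint -notin $baseline) -or $_.NotBefore -gt $since
    } | ForEach-Object {
        $findings.Add("root cert in ${store}: $($_.Subject) thumbprint $($_.Thumbprint)")
    }
}

# 5. "Downloads MZ/PE file" / "Executes dropped EXE".
#    Recently created executables under the user profile; a Zone.Identifier stream
#    (mark-of-the-web) means the file came from the internet zone rather than being dropped locally.
Get-ChildItem -Path $env:USERPROFILE -Recurse -File -Include *.exe, *.dll -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -gt $since } | ForEach-Object {
        $zone = Get-Content -Path $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        $tag  = if ($zone) { 'downloaded' } else { 'dropped locally' }
        $findings.Add("new executable ($tag): $($_.FullName)")
    }

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Run it from an elevated PowerShell on the suspect host; the netsh and service checks read machine-wide keys and logs, and the user-profile walk should be repeated for each interactive user account. The checks are deliberately heuristic: a hit means "look here", and the ATT&CK counts above tell you which of these behaviours the sandbox actually saw for this sample.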