Resubmissions

  • 22-06-2024 16:58    240622-vgsenazcmn    10

  • 22-06-2024 16:01    240622-tgg39axgml    10

General

  • Target

    NcCrack-Loader.zip

  • Size

    12.8MB

  • Sample

    240622-vgsenazcmn

  • MD5

    18e398f15f5f2adbc5c0d8481f8a5100

  • SHA1

    8f092c32b221ff1256e079cbc5ff606cffc0ff09

  • SHA256

    380e7634606079bda646b9254ee41e4382b66d893023edbfa95d00f0dd8fb8a1

  • SHA512

    c1825c7de4cba4e01a0d5d7a1c9b851f3d5467dc90623d26f9287467327c15959158ffb3ab776a4c24a5084b4b25e509978e2d88e9b1b7499fb25d8580fd0058

  • SSDEEP

    393216:PQdfQ2QnNgnxIvrbNOGcPHaNH1C7z7mI26Bkjf+OugZFdw4V16gvp:POfQ/Ngx6oGt1C7fw6BPg5T1FR

Malware Config

Targets

    • Target

      NcCrack-Loader.zip

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

      A process was created with a parent other than the calling process (parent PID spoofing).

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its console window hidden.

    • Executes dropped EXE

    • Maps connected drives based on registry

      Disk information is often read from the registry to detect sandbox environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

      Commonly used to redirect execution in another process (process injection or hollowing).
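
The signatures above are sandbox observations; a defender usually wants to turn them into hunting logic over host telemetry. The following is an added example, not code from the report or the sandbox vendor. It runs three rules over constructed, Sysmon-shaped events (not telemetry from this analysis): PowerShell launched with a hidden window (T1059.001), schtasks task creation (T1053.005), and registry reads of disk-enumeration keys. The ATT&CK ids follow the report's matrix; the specific registry key pattern (`Services\Disk\Enum`, `MountedDevices`) is an assumption about what "maps connected drives" reads.

```python
"""Hunting the behaviours flagged in the report in process-creation and registry telemetry.

The events below are constructed for this example (Sysmon-like shape), not
telemetry from the report. ATT&CK mappings follow the report's matrix; the
registry key pattern for drive enumeration is an assumption.
"""
import ntpath
import re

# Constructed sample telemetry: one dict per event.
SAMPLE_EVENTS = [
    {"type": "process",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden "
                r"-ExecutionPolicy Bypass -File C:\Users\Public\stage.ps1"},
    {"type": "process",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": 'schtasks /Create /SC ONLOGON /TN "Updater" '
                r'/TR "C:\Users\Public\loader.exe" /F'},
    {"type": "registry",
     "key": r"HKLM\SYSTEM\ControlSet001\Services\Disk\Enum\0"},
    {"type": "process",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe readme.txt"},
]

# Signature id -> (report signature title, ATT&CK technique id)
SIGNATURES = {
    "powershell_hidden_window": ("Command and Scripting Interpreter: PowerShell", "T1059.001"),
    "schtasks_create": ("Scheduled Task", "T1053.005"),
    "disk_enum_registry": ("Maps connected drives based on registry", "T1082"),
}

# PowerShell accepts unambiguous parameter prefixes, so match -w, -win, -WindowStyle ...
HIDDEN_WINDOW = re.compile(r"(?i)(?:^|\s)-w\w*\s+hidden\b")
SCHTASKS_CREATE = re.compile(r"(?i)(?:^|\s)/create\b")
# Assumed keys consulted when enumerating disks; adjust to your sensor's normalisation.
DISK_ENUM_KEYS = re.compile(r"(?i)\\Services\\Disk\\Enum|\\MountedDevices")
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}


def match_event(event):
    """Return the list of signature ids a single event triggers."""
    hits = []
    if event["type"] == "process":
        name = ntpath.basename(event["image"]).lower()
        cmdline = event.get("cmdline", "")
        if name in POWERSHELL_IMAGES and HIDDEN_WINDOW.search(cmdline):
            hits.append("powershell_hidden_window")
        if name == "schtasks.exe" and SCHTASKS_CREATE.search(cmdline):
            hits.append("schtasks_create")
    elif event["type"] == "registry":
        if DISK_ENUM_KEYS.search(event["key"]):
            hits.append("disk_enum_registry")
    return hits


def triage(events):
    """Run every event through the rules and return findings with ATT&CK ids."""
    findings = []
    for index, event in enumerate(events):
        for sig in match_event(event):
            title, technique = SIGNATURES[sig]
            findings.append({"event": index, "signature": title, "technique": technique})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(f"event {finding['event']}: {finding['technique']} {finding['signature']}")
```

Two caveats for real deployments: a hidden window can also be requested inside an `-EncodedCommand` payload or by a parent setting the child's window style through the API, so decode encoded commands before matching; and the parent-spoofing and SetThreadContext signatures need API-level or ETW telemetry, which plain process-creation logs do not provide.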

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                           Count  ID
  Execution             Command and Scripting Interpreter     1    T1059
                          PowerShell                          1    T1059.001
                        Scheduled Task/Job                    1    T1053
                          Scheduled Task                      1    T1053.005
  Persistence           Scheduled Task/Job                    1    T1053
                          Scheduled Task                      1    T1053.005
  Privilege Escalation  Scheduled Task/Job                    1    T1053
                          Scheduled Task                      1    T1053.005
  Discovery             Query Registry                        5    T1012
                        Peripheral Device Discovery           2    T1120
                        System Information Discovery          5    T1082
