Managed XDR

home-petik-ss-malware-..._karagany_rhadamanthys (Hupigon) — malware analysis report

File info

Filename
home-petik-ss-malware-2025-09-12_b4b7113d1e372ad1c3fe865d3bdb6858_bkransomware_darkgate_elex_karagany_rhadamanthys
File type
PE32 executable (GUI) Intel 80386, for MS Windows
File size
3.4 MB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
f41ff30d4f84fa04df8075a9f5717838312fa7c0
SHA256
e094baaf66ab6d74cf4cebe1d3c2c0b568d94226270fe4649c451d1f992093f1
MD5
b4b7113d1e372ad1c3fe865d3bdb6858

Malwares

  • Hupigon

Signatures

Persistence

T1574 dropper_dll: Creates DLL, which is then loaded into the process

Privilege Escalation

T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
creates_exe: Creates executable files in the file system
dead_host: Connects to IP addresses that do not respond to requests
require_administrator: Requests administrator privileges
message_box: Displays a message
error_drawtext: An error occured while executing the file
creates_in_programdata: Creates files in the ProgramData directory
suricata_alert: Malicious traffic detected

Related reports

Managed XDR