SharpRhino – New Hunters International RAT

Aug. 6, 2024, 11:35 a.m.

Description

Quorum Cyber's Incident Response team discovered a novel piece of malware, SharpRhino, used by the threat actor Hunters International as an initial infection vector and Remote Access Trojan (RAT). The malware is written in C# and delivered via a typosquatting domain impersonating Angry IP Scanner. Upon execution, it establishes persistence and provides remote access, using previously unseen techniques to gain elevated permissions. The report outlines SharpRhino's capabilities, Hunters International's tactics, MITRE ATT&CK mapping, and Indicators of Compromise.

Date

  • Created: Aug. 6, 2024, 11:18 a.m.
  • Published: Aug. 6, 2024, 11:18 a.m.
  • Modified: Aug. 6, 2024, 11:35 a.m.

Indicators

Attack Patterns