SharpRhino – New Hunters International RAT
Aug. 6, 2024, 11:35 a.m.
Description
Quorum Cyber's Incident Response team discovered a novel piece of malware, SharpRhino, used by the threat actor Hunters International as an initial infection vector and Remote Access Trojan (RAT). The malware, written in C#, is delivered via a typosquatting domain impersonating Angry IP Scanner. Upon execution, it establishes persistence and provides remote access, employing previously unseen techniques to obtain elevated permissions. The report outlines SharpRhino's capabilities, Hunters International's tactics, a MITRE ATT&CK mapping, and Indicators of Compromise.
Date
Published: Aug. 6, 2024, 11:18 a.m.
Created: Aug. 6, 2024, 11:18 a.m.
Modified: Aug. 6, 2024, 11:35 a.m.
Indicators
Attack Patterns
SharpRhino
Hunters International
T1036.001
T1027.004
T1497.003
T1543.003
T1135
T1027.002
T1497.001
T1059.003
T1059.001
T1480
T1547.001
T1071.001
T1573
T1134