SharpRhino – New Hunters International RAT

Aug. 6, 2024, 11:35 a.m.

Description

Quorum Cyber's Incident Response team discovered a novel malware family, SharpRhino, used by the threat actor Hunters International both as an initial infection vector and as a Remote Access Trojan (RAT). The malware is written in C# and is delivered through a typosquatting domain that impersonates Angry IP Scanner, a legitimate network-scanning tool. On execution it establishes persistence and gives the operator remote access to the host, using previously unseen techniques to obtain elevated privileges. The report covers SharpRhino's capabilities, the tactics used by Hunters International, a MITRE ATT&CK mapping, and Indicators of Compromise.

Date

Published: Aug. 6, 2024, 11:18 a.m.
Created: Aug. 6, 2024, 11:18 a.m.
Modified: Aug. 6, 2024, 11:35 a.m.

Indicators (SHA-256 file hashes)

d2e7729c64c0dac2309916ce95f6a8253ca7f3c7a2b92b452e7cfb69a601fbf6

b57ec2ea899a92598e8ea492945f8f834dd9911cff425abf6d48c660e747d722

9a8967e9e5ed4ed99874bfed58dea8fa7d12c53f7521370b8476d8783ebe5021

3f1443be65525bd71d13341017e469c3e124e6f06b09ae4da67fdeaa6b6c381f

223aa5d93a00b41bf92935b00cb94bb2970c681fc44c9c75f245a236d617d9bb

09b5e780227caa97a042be17450ead0242fd7f58f513158e26678c811d67e264
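
The practical use of the hash list above is a sweep of a suspect host or file share for any file whose SHA-256 matches one of the six indicators. The script below is an added example and is not part of the original report or of Quorum Cyber's tooling; the directory to sweep is a command-line argument (an assumption, the report names no paths), the IOC set is taken verbatim from the list above, and the constructed file used in the check has no relation to the real samples. It normalizes the indicator list (case, whitespace, wrong-length entries that would otherwise silently never match), hashes files in chunks so large binaries do not need to be loaded into memory, and skips symlinks and unreadable files rather than aborting the sweep.

```python
"""Sweep a directory tree for files whose SHA-256 matches the SharpRhino IOCs.

Added example, not the report's own tooling. Usage: python sweep.py <root_dir>
"""
import hashlib
import os
import sys
from pathlib import Path

# SHA-256 hashes copied from the Indicators section of the report above.
SHARPRHINO_SHA256 = frozenset({
    "d2e7729c64c0dac2309916ce95f6a8253ca7f3c7a2b92b452e7cfb69a601fbf6",
    "b57ec2ea899a92598e8ea492945f8f834dd9911cff425abf6d48c660e747d722",
    "9a8967e9e5ed4ed99874bfed58dea8fa7d12c53f7521370b8476d8783ebe5021",
    "3f1443be65525bd71d13341017e469c3e124e6f06b09ae4da67fdeaa6b6c381f",
    "223aa5d93a00b41bf92935b00cb94bb2970c681fc44c9c75f245a236d617d9bb",
    "09b5e780227caa97a042be17450ead0242fd7f58f513158e26678c811d67e264",
})

_HEX = frozenset("0123456789abcdef")


def normalize_iocs(iocs):
    """Lower-case, strip, and keep only well-formed SHA-256 hex strings.

    A hash pasted with a stray space or in upper case would otherwise never
    match; an entry of the wrong length (e.g. an MD5) is dropped rather than
    compared against SHA-256 digests.
    """
    cleaned = set()
    for raw in iocs:
        value = raw.strip().lower()
        if len(value) == 64 and set(value) <= _HEX:
            cleaned.add(value)
    return frozenset(cleaned)


def sha256_file(path, chunk_size=1 << 20):
    """Return the hex SHA-256 of a file, reading it in 1 MiB chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep(root, iocs=SHARPRHINO_SHA256):
    """Walk `root` and return [(path, sha256)] for every file matching `iocs`.

    Symlinks are not followed (they could point outside the tree or loop) and
    files that cannot be read are skipped so one locked file does not stop
    the whole sweep.
    """
    wanted = normalize_iocs(iocs)
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if path.is_symlink():
                continue
            try:
                digest = sha256_file(path)
            except OSError:
                continue
            if digest in wanted:
                hits.append((str(path), digest))
    return hits


if __name__ == "__main__":
    root_dir = sys.argv[1] if len(sys.argv) > 1 else "."
    matches = sweep(root_dir)
    for matched_path, matched_digest in matches:
        print(f"MATCH {matched_digest} {matched_path}")
    print(f"{len(matches)} matching file(s) under {root_dir}")
```

A hash sweep only catches the exact samples listed; a rebuilt or repacked SharpRhino binary (the report maps T1027.002, software packing) will have a different digest, so treat a clean sweep as "these six files are absent", not as "the host is clean", and pair it with the persistence and network indicators in the ATT&CK mapping below.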

Attack Patterns

SharpRhino

Hunters International

T1036.001 Masquerading: Invalid Code Signature

T1027.004 Obfuscated Files or Information: Compile After Delivery

T1497.003 Virtualization/Sandbox Evasion: Time Based Evasion

T1543.003 Create or Modify System Process: Windows Service

T1135 Network Share Discovery

T1027.002 Obfuscated Files or Information: Software Packing

T1497.001 Virtualization/Sandbox Evasion: System Checks

T1059.003 Command and Scripting Interpreter: Windows Command Shell

T1059.001 Command and Scripting Interpreter: PowerShell

T1480 Execution Guardrails

T1547.001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

T1071.001 Application Layer Protocol: Web Protocols

T1573 Encrypted Channel

T1134 Access Token Manipulation