SharpRhino – New Hunters International RAT
Aug. 6, 2024, 11:35 a.m.
Description
Quorum Cyber's Incident Response team discovered a novel malware, SharpRhino, used by the threat actor Hunters International as an initial infection vector and Remote Access Trojan (RAT). The malware is written in C# and delivered via a typosquatting domain impersonating Angry IP Scanner. Upon execution, it establishes persistence and provides remote access to the device, employing previously unseen techniques to obtain elevated permissions. The report outlines SharpRhino's capabilities, Hunters International's tactics, the MITRE ATT&CK mapping, and Indicators of Compromise.
Date
- Created: Aug. 6, 2024, 11:18 a.m.
- Published: Aug. 6, 2024, 11:18 a.m.
- Modified: Aug. 6, 2024, 11:35 a.m.
Indicators