Overview

overview

10

Static

static

dca16a0e7b...f5.exe

windows7-x64

10

dca16a0e7b...f5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8662276816.zip

  • Size

    103KB

  • Sample

    221226-1ep5eadg74

  • MD5

    94a047a183b3e6cf1bf4fcb4ef946de8

  • SHA1

    1fdeefd1fe8a888f6e7ade12f69b334a90485c26

  • SHA256

    988ac9e194dbe48358cb0bc14bb0872b7fb483c4dfdb9ab55d1f0e7f385f52be

  • SHA512

    9c9cfc11d3531e1cc549a30fdba44330e585b95d6fe81c77a089e5675dd5042337454d7eac9da6233ddb36a55eb2881659c3b8ad8d1ab5927def6e0d35fa64e5

  • SSDEEP

    1536:XUejdBEsAw5nL0980WUB3QZwdMcn8Duu+Mz5f2QzyVLh/cPTVpHqI8t/1Onwn:Z5Oxw5nLO80WUBNdM1zkVLpi3Hp8twW

Score
10/10
rhadamanthyscollectiondiscoveryspywarestealer

Malware Config

Targets

    • Target

      dca16a0e7bdc4968f1988c2d38db133a0e742edf702c923b4f4a3c2f3bdaacf5

    • Size

      149KB

    • MD5

      221c3bf6b4e3c355fdce087122511fe4

    • SHA1

      975c36eb0442edd4d42996a3dd554ab36f95ff55

    • SHA256

      dca16a0e7bdc4968f1988c2d38db133a0e742edf702c923b4f4a3c2f3bdaacf5

    • SHA512

      edacc09d25e4c9d1d19885abe2fea72aff44e75862d9c3f1aa158edf5c40d635551abb820e89533696a4e9f3664e45c18f112a2a81e94d3badf13ed0b5acbcb4

    • SSDEEP

      3072:sY8Ah6pPHmZbnjL9/LZHR29C6BoFQ9QQMb7d2Y+lO662kosOgl7A8lhOlAETZeiS:h8AhKvmZbjL9/lHR29vkQ9lMUSnbOgl7

    Score
    10/10
    rhadamanthyscollectiondiscoveryspywarestealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks