General

  • Target

    v5.3.zip

  • Size

    33.0MB

  • Sample

    230109-l94hyshc7t

  • MD5

    63fa1f373f07ee0222a6690a0ca326b9

  • SHA1

    632563bd54a125ed0896147a9113ed73cf2624fe

  • SHA256

    01c0d849b3c4bb2b7b847566f10585d945c620920949912ace4e763ff8b18855

  • SHA512

    1d1f83f5e8fda4adec13ad3368e6dbf1d8720de37915020ef037f6bbeb6855f8df0f14fdbf38db2eeffc8c041cd98568ba8a4f7428f461f8fc094239b57e5598

  • SSDEEP

    786432:kmei4i2lrPhjRv3yQWfl9uYXl1FqO1kZ6kyyekJdIBFwS:GlrJj1yQwPuYHFnFkr73IBFwS

  • Score

    10/10

Malware Config

Targets

    • Target

      v5.3/Setup.exe

    • Size

      37.2MB

    • MD5

      5f3d100aeee70c08cf9ef4fce1970bf9

    • SHA1

      37a9301c431c5b8e1428aa8f2679dc48f4417af9

    • SHA256

      8ff7b3f08bd4e71934194bccc8d3f160152fa42f4b57149ee298c290d4295b34

    • SHA512

      6dd2529a115c46b8530d0a51787d029f905f2934d0e8cb71643da110a51c83ed87d17cbc962b37ad80e58d3cfdd6c73df9ffe46056ab9d37a054ce84e5545684

    • SSDEEP

      786432:hKJlNpDhJ5L2ceZ1hsKtBzhS4hcLossqI8FBk3xQy:hglNFhb2cuvsK3hv3sPD7k3xQy

    • Score

      10/10

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks