rhadamanthys | cba50262e42c695572cd4591b025a3f81d28243faed9db98583af59639914be6 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

8

winprofile

windows10-1703-x64

Resubmissions

17-01-2023 00:12

230117-ag8resbf4t 10

16-01-2023 22:23

230116-2awbasad3z 10

Sharing

General

Target

cba50262e42c695572cd4591b025a3f81d28243faed9db98583af59639914be6
Size

404.2MB
Sample

230116-2awbasad3z
MD5

fcb4b9dfe2f6ed4504410160001d03a7
SHA1

2b66273ea2797e5ba3e33582da6d0f91f5e7833c
SHA256

cba50262e42c695572cd4591b025a3f81d28243faed9db98583af59639914be6
SHA512

3373699f165aab7cccfb6062ac3c3a49d76fc7591f971a76ce4e6d3eb7e1f0fdfad2d71a7632bd5013a44d8b718ef510f3198c87572f58d828c5d68a613a9efa
SSDEEP

49152:At33d2m6BN4NPGonVbx5Y3Va5i/QWKxLBNZZcAt:iQozTG3Va5iYJxLB7ZcA

Score

10^/10

rhadamanthys systembc stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

cba50262e42c695572cd4591b025a3f81d28243faed9db98583af59639914be6.exe

Resource

win7-20221111-en

windows7-x64

8 signatures

300 seconds

Behavioral task

behavioral2

Sample

cba50262e42c695572cd4591b025a3f81d28243faed9db98583af59639914be6.exe

Resource

win10-20220812-en

rhadamanthys systembc stealer trojan

windows10-1703-x64

15 signatures

300 seconds

Malware Config

Extracted

Family

systembc

C2

45.147.197.24:4001

80.89.234.122:4001

Targets

- Target
  
  cba50262e42c695572cd4591b025a3f81d28243faed9db98583af59639914be6
- Size
  
  404.2MB
- MD5
  
  fcb4b9dfe2f6ed4504410160001d03a7
- SHA1
  
  2b66273ea2797e5ba3e33582da6d0f91f5e7833c
- SHA256
  
  cba50262e42c695572cd4591b025a3f81d28243faed9db98583af59639914be6
- SHA512
  
  3373699f165aab7cccfb6062ac3c3a49d76fc7591f971a76ce4e6d3eb7e1f0fdfad2d71a7632bd5013a44d8b718ef510f3198c87572f58d828c5d68a613a9efa
- SSDEEP
  
  49152:At33d2m6BN4NPGonVbx5Y3Va5i/QWKxLBNZZcAt:iQozTG3Va5iYJxLB7ZcA
Score

10^/10

rhadamanthys systembc stealer trojan
- Detect rhadamanthys stealer shellcode
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

rhadamanthyssystembcstealertrojan

© 2018-2024

Terms | Privacy