Overview

overview

10

Static

static

OBS/OBS.exe

windows7-x64

10

OBS/OBS.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    OBS-project.zip

  • Size

    17.4MB

  • Sample

    230116-l37l2add53

  • MD5

    7b1c74e08d42757792cb935800da1e75

  • SHA1

    b5902737cff8946ebc43771a47eca5237b2c6cdc

  • SHA256

    4daaba19d412cdf3838a0c373cdc9b7cfc26423723307482e4b0f946909c726e

  • SHA512

    821978f8ae4f5397813adde7a52f8e9a1791e78b7d33a6825e4e6576ae3d0ffd3fdfac8f05bfbc0d0c84813991097e7c2a15f98c7e4b8eee19696466440eac4b

  • SSDEEP

    393216:xsCdwI+MshEZaynVkpk/7Q8BpuiiJKhMFUV28tP33+NM4:AASICshMFE28tvuNM4

Score
10/10
rhadamanthysstealer

Malware Config

Targets

    • Target

      OBS/OBS.exe

    • Size

      726.7MB

    • MD5

      1f0664bc6de1cb394c6fdcb4e8792d26

    • SHA1

      734a5f8223ac62bd6ae12e881d5841791b1b7071

    • SHA256

      0afc18a6890970fa87b32ea90270db1f723190bba3a4fb24957a901cbacc7de2

    • SHA512

      e84ac11ad875d3cf9f853c535697818dba4ec666dbcc66cb2350379d0df091598b7ed5d2b1d59f4379d53b1e5c558d85e5c194b766b6b0b472803a0c7fa68b5d

    • SSDEEP

      196608:ech1JnwRSDaTvKuXwk2SA9lE6PI/GR8x1MA8Ran:dJOBKZk2S0P6hvMXan

    Score
    10/10
    rhadamanthysstealer

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks