privateloader | ee8ea5570b0a2c9f6aef8e551cc0d3fbd0be45dc5c11c50ca7056eef2d85d77d | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

1

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

4.9MB
Sample

230120-zg1hgsbf7z
MD5

7dabec607b4872e1f64863dd68f18d82
SHA1

30798aa374bc4f37154e4fefb161cc41dab614f4
SHA256

ee8ea5570b0a2c9f6aef8e551cc0d3fbd0be45dc5c11c50ca7056eef2d85d77d
SHA512

a7ff811c169f9b46b0f789d85b71fb9b9b3dfc374fc1ae225d0e090c0eb29c178bc9fb7f7bdfe9158dedd681243e6150fdbe55896a2b6fb17f32ae694b0bcf7d
SSDEEP

98304:SIhSxS66DH5nm+UxPcHlYKB0hn5NeQJEFO2AlDmt8:SK66DH5dUxkFXBG02EWlDn

Score

10^/10

privateloader rhadamanthys loader stealer

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220812-en

privateloader rhadamanthys loader stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  4.9MB
- MD5
  
  7dabec607b4872e1f64863dd68f18d82
- SHA1
  
  30798aa374bc4f37154e4fefb161cc41dab614f4
- SHA256
  
  ee8ea5570b0a2c9f6aef8e551cc0d3fbd0be45dc5c11c50ca7056eef2d85d77d
- SHA512
  
  a7ff811c169f9b46b0f789d85b71fb9b9b3dfc374fc1ae225d0e090c0eb29c178bc9fb7f7bdfe9158dedd681243e6150fdbe55896a2b6fb17f32ae694b0bcf7d
- SSDEEP
  
  98304:SIhSxS66DH5nm+UxPcHlYKB0hn5NeQJEFO2AlDmt8:SK66DH5dUxkFXBG02EWlDn
Score

10^/10

privateloader rhadamanthys loader stealer
- Detect rhadamanthys stealer shellcode
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

privateloaderrhadamanthysloaderstealer

© 2018-2024

Terms | Privacy