Overview

overview

10

Static

static

winprofile

windows7-x64

8

winprofile

windows10-1703-x64

10

Resubmissions

25-01-2023 04:25

230125-e196taeh52 10

25-01-2023 04:06

230125-epfstsge8y 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bed801306842692dafa1aa5c7a23ae4effc9a214f765ca6572c7253630e434ef

  • Size

    449.7MB

  • Sample

    230125-epfstsge8y

  • MD5

    0d6dfaceb17ba1292c061758f9c9cc29

  • SHA1

    49de8d4fb7bd9e74c33d84fd9c7e8e5c1016ff68

  • SHA256

    bed801306842692dafa1aa5c7a23ae4effc9a214f765ca6572c7253630e434ef

  • SHA512

    f9b462863b3bf547bd6e2d851a66884a0867d6566341d9893f3145899c7ed510cfbbf7d6ffb0d809bda3ff174396cb7ad8461d6788b73cc0cf5fd3e444cde19e

  • SSDEEP

    24576:v5ar505yClYM/gCHWxXDPy0cphuST/3PW1ucqqwje973dxu0yLCiXt9jTWcq/:v5ariy4YMexJZw/Iucdp3IbXtFT

Score
10/10
rhadamanthyssystembcstealertrojan

Malware Config

Extracted

Family

systembc

C2

45.147.197.24:4001

80.89.234.122:4001

Targets

    • Target

      bed801306842692dafa1aa5c7a23ae4effc9a214f765ca6572c7253630e434ef

    • Size

      449.7MB

    • MD5

      0d6dfaceb17ba1292c061758f9c9cc29

    • SHA1

      49de8d4fb7bd9e74c33d84fd9c7e8e5c1016ff68

    • SHA256

      bed801306842692dafa1aa5c7a23ae4effc9a214f765ca6572c7253630e434ef

    • SHA512

      f9b462863b3bf547bd6e2d851a66884a0867d6566341d9893f3145899c7ed510cfbbf7d6ffb0d809bda3ff174396cb7ad8461d6788b73cc0cf5fd3e444cde19e

    • SSDEEP

      24576:v5ar505yClYM/gCHWxXDPy0cphuST/3PW1ucqqwje973dxu0yLCiXt9jTWcq/:v5ariy4YMexJZw/Iucdp3IbXtFT

    Score
    10/10
    rhadamanthyssystembcstealertrojan

    • Detect rhadamanthys stealer shellcode

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

      stealerrhadamanthys

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

      trojansystembc

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks